

Deanonymize Facebook Users by Exploiting CSP-Implementation of Google Chrome - Hirnhamster
http://www.myseosolution.de/deanonymizing-facebook-users-by-csp-bruteforcing/

======
Hirnhamster
Short summary:

By exploiting a flawed implementation of the Content Security Policy in Google
Chrome, it's possible to identify a (random) user's Facebook profile. At least
Google Plus and YouTube are vulnerable as well.

The technique is based on an intelligent "bruteforcing" of URLs in the CSP
header by using a binary search.

