By exploiting a flawed implementation of the content security policy in Google Chrome it's possible to identify a (random) user's Facebook profile. At least Google Plus and Youtube are vulnerable as well.
The technique is based on an intelligent "bruteforcing" of URLs in the CSP Header by using a binary search.
By exploiting a flawed implementation of the content security policy in Google Chrome it's possible to identify a (random) user's Facebook profile. At least Google Plus and Youtube are vulnerable as well.
The technique is based on an intelligent "bruteforcing" of URLs in the CSP Header by using a binary search.