Markaan baadheyno intarneedka, waxaan la kulannaa baylahooyin badan oo laga yaabo inay xogtayada u soo bandhigaan kuwa soo weeraray. Laakiin wakhti ka dib, tignoolajiyada ayaa horumarisay si ay nooga difaacdo weeraradan. Laakiin isla mar ahaantaana, weeraryahannada oo si joogto ah isku dayaya inay helaan baylahda oo ay jabsadaan nidaamyadayada. Nuglaanta aan maanta ka hadlayno waxay ku jirtaa CSS ee bogga internetka waxaana loo yaqaan CSS Exfil .

Shabakadaha casriga ahi^(Modern) waxay si weyn ugu tiirsan yihiin CSS qaabaynta mana jirto si aad u qiyaasi karto degel aan lahayn CSS . CSS Exfil waxa loo isticmaali karaa in lagu xado xogta la beegsaday iyada oo la isticmaalayo Cascading Style Sheets ( CSS ) oo ah weerarka weerarka. Waxay khatar gelinaysaa macluumaadkaaga sida username, passwords, emails. Waxaa jira xaalado kala duwan oo weerar ah kuwaas oo ku tiirsan CSS Exfil . Waxaa ka mid ah duritaanka koodka, raadraaca shabakadda, xayeysiisyada sharci darrada ah, meelaynta kood xaasidnimada ah ee DOM iyo qaar kale oo badan.

Ka-hortagga nuglaanshahan waa qasab, laakiin badi browser-yada casriga ah ee aan isticmaalno ma la yimaadaan tallaabooyin ka-hortagga nuglaantan.

Sida loo hubiyo haddii browserkaagu u nugul yahay weerarada CSS Exfil

Waxaa jira tijaabiye nuglaanta CSS Exfil cajiib ^{(CSS Exfil Vulnerability Tester)} ah^{(available here)} oo ka shaqayn kara browser kasta oo xaqiijin kara heerka ilaalinta. Qalabku wuxuu tijaabiyaa browserka asalkiisu yahay iyo kan iskutallaabaha CSS . Boggu wuxuu isku dayi doonaa inuu ku ekaado weerarka CSS Exfil wuxuuna soo saari doonaa natiijooyinkii lagu guulaystay.

Kordhinta Ilaalinta CSS Exfil^{(CSS Exfil Protection Extension)} ee Chrome iyo Firefox

Haddii browserkaagu u noqdo mid nugul, markaa waa inaad tixgelisaa inaad ku darto wax yar oo ammaan ah. Waxaa jira kordhin loo heli karo Chrome iyo Firefox labadaba oo shaqadan kuu qabta. Kordhinta waxaa loo yaqaan Ilaalinta CSS Exfil^{(CSS Exfil Protection)} waxayna diyaar u tahay in laga soo dejiyo Bakhaarka Shabakadda Chrome^{(Chrome Web Store)} iyo Firefox Store sidoo kale.

Marka la rakibo oo la furo, waxaad mar kale u gudbi kartaa tijaabiyaha nuglaanta si aad u hubiso in browserkaagu la ilaaliyo iyo in kale. Sawirada weerarku waa in aanay soo qaadin, dhammaan imtixaanadana waa in ay keenaan natiijo wanaagsan.

Sidoo kale, waxaad awoodi doontaa inaad aragto tiro leh summada kordhinta oo ku ag taal ciwaanka Tiradu waa tilmaanta in boggani uu isku dayay in uu ka faa'iidaysto nuglaanta oo la xannibay. Markaa, haddii aad aragto tirintan mareegaha kale ee aad isticmaashid, waxaad u baahan tahay inaad ka taxadarto agagaarka mareegahaas.

Kordhinta Ilaalinta CSS Exfil^{(CSS Exfil Protection)} waxay u shaqeysaa iyada oo horay u sii baareysa CSS ee bogga mareegaha. Waxay baadhaysaa CSS oo dhan waxayna raadisaa wicitaan kasta oo fog gudaha qiyamka sifada CSS . ^(CSS)Haddii uu jiro wicitaan fog oo noocaas ah, wuu ka takhalusaa oo wuxuu ka dhigayaa CSS nadiif ah. Tiradu waxay u badan tahay inay tahay tirada wicitaannada fog fog ee laga helay CSS ee boggan.

CSS Exfil waxay abuuri kartaa nuglaanta aad u badan. Lahaanshaha ka hortagga iyaga waa qasab. Kordhintani waa hal tallaabo oo jihada saxda ah loo qaaday, waxaanan rajaynaynaa inaan aragno ammaan badan oo ay bixiyaan daalacayaashu si asal ah mustaqbalka. Ilaalinta CSS Exfil^{(CSS Exfil Protection)} waa il furan waana bilaash in la soo dejiyo. Waxaad ka eegi kartaa boggeeda GitHub ama si toos ah ayaad uga soo dejisan kartaa bakhaarka kordhinta ee biraawsarkaaga.

CSS Exfil Protection browser extension offers CSS Exfil vulnerability attack

As wе are browѕing the internet, we are expoѕed to a lot of vulnerabilities that might expose our data to attackers. Βut with timе, the technology has evolved іn order to protect us againѕt these attacks. But at the same time, the attackers and constantly trying to find νulnerabilities and hack into our systems. The vulnerabilitу that wе are tаlking abоut today lies in CSS of a webpage and it is called CSS Exfil.

Modern websites rely heavily on CSS for styling and there is no way you can imagine a website without CSS. CSS Exfil can be used to steal targeted data using Cascading Style Sheets (CSS) as an attack vector. It puts your information such as username, passwords, emails at risk. There are a variety of attack scenarios that rely on CSS Exfil. They include code injection, web tracking, illegitimate advertisements, malicious code placement in DOM and a few more.

Protection against this vulnerability is must but most of the modern browsers that we use do not come with protection measures against this vulnerability.

How to check if your browser is vulnerable to CSS Exfil attacks

There is a wonderful CSS Exfil Vulnerability Tester available here that can work on any browser and confirm the protection status. The tool tests a browser for the same origin and cross-domain CSS. The webpage would try to mimic the attack via CSS Exfil and will produce the results it was successful.

CSS Exfil Protection Extension for Chrome and Firefox

If your browser turns out to be vulnerable, then you should consider adding a little security to it. There is an extension available for both Chrome and Firefox that does this job for you. The extension is called CSS Exfil Protection and is available to download from Chrome Web Store and Firefox Store as well.

Once installed and enabled, you can head over to the vulnerability tester again to check if your browser is protected or not. The attack images should not load, and all the tests should produce a positive result.

Also, you will be able to notice a count with the extension’s icon beside the address bar. The count is the indication that this webpage tried to exploit a vulnerability and it has been blocked. So, if you notice this count on other websites that you use, you need to be careful around those websites.

CSS Exfil Protection extension works by pre-processing the CSS of a webpage. It scans the entire CSS and looks for any remote calls inside CSS attribute values. If any such remote call exists, it neutralizes it and makes the CSS clean. And the count is probably the number of such remote calls it found in the CSS of this webpage.

CSS Exfil can create quite a lot of vulnerabilities. Having protection against them is a must. This extension is just one step in the right direction, and we hope to see more security offered by the browsers natively in the future. CSS Exfil Protection is open source and free to download. You can check out its GitHub page or directly download it from the extension store of your web browser.

Related posts

• Sida gacanta loogu sahlo Retpoline Windows 10

• Sida loogu wargaliyo Bug, Arrin ama Nuglaanta Microsoft

• Weerarada Nuglaanta Afduubka DLL, Kahortagga & Ogaanshaha

• Iskaanka Guriga Bitdefender: Ka baadh shabakadaada guriga si aad u hesho dayacan

• SecPod Saner Shakhsiyeed: Sawir-qaade Nuglaanta Sare ee Bilaashka ah

• Waa maxay Spear phishing? Sharaxaada, Tusaalooyinka, Ilaalinta

• Lockwise, Monitor, Facebook weelka, Ka ilaalinta Firefox

• Deji Raadinta La Wanaajiyey, Digniinaha Jebinta Ilaalinta, Lockwise Firefox

• Soo hel xiriiriyeyaasha jaban, ka xaqiiji HTML & CSS mareegahaaga addoo isticmaalaya DeepTrawl

• Ilaalinta Ilaha Windows ma bilaabi karto adeegga dayactirka

• Waa maxay astaanta Ilaalinta Tamper ee gudaha Windows 11/10

• Sida loogu daro ama looga saaro abka gudaha Ka faa'iidaysiga Ilaalinta ee Windows 10

• Ka ilaali isticmaalayaasha inay wax ka beddelaan Ilaalinta Ka faa'iidaysiga ee Amniga Windows

• Sida loo nadiifiyo Taariikhda Ilaalinta Difaaca Windows gudaha Windows 10

• Waa maxay Ilaalinta Xisaabaadka ee Windows 11/10 iyo sida loo qariyo qaybtan

• Ilaalinta Ilaha Windows waxay heshay faylal kharriban laakiin wuu awoodi waayay inuu hagaajiyo qaarkood

• Hagaaji Malwarebytes Ilaalinta-Waqtiga Dhabta ah ee Shabakadda Ma daarmi doonto Cilad

• Amniga internetka iyada oo loo marayo waxbarashada: Kaspersky Interactive Protection Simulation

• Waa maxay ilaalinta la xoojiyey ee Google Chrome ka iyo sida loo suurtogeliyo

• Weerarada Ransomware, Qeexid, Tusaalayaal, Ilaalinta, Bixinta