Attackers can use Scroll to Text Fragment web browser feature to steal data � research

A security researcher has discovered that the Scroll to Text Fragment (STTF) feature, which enables users to quickly navigate to a particular text fragment on a webpage, can be leveraged to leak sensitive user data.�The vulnerability, found by Maciej Piechota of SecForce, uses CSS selectors to gather data from a web page and send it to a server under the attacker’s control.

By using the ‘#:text’ identifier and adding a text string to the URL of a webpage, users can access the STTF feature. The browser will immediately scroll to the string and highlight the appropriate area if it is present on the page. “I started wondering how the highlighting is done on the successful scroll and if it could be adjusted somehow,” Piechota told The Daily Swig. “I received a link from a friend which featured Scroll to Text Fragment.” Read More…

Attackers can use Scroll to Text Fragment web browser feature to steal data � research

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Attackers can use Scroll to Text Fragment web browser feature to steal data � research

20-Jun-22

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address