Do Son 
Recently, Google and Mozilla removed the Stylish plugin from their respective app centres. A bug report shows that Stylish secretly records the user’s browser history and sends the data to a remote server, which Mozilla explains, and Google removes it directly from the extension centre.
The first software developer, Robert Heaton, pointed out the problem with Stylish in his blog. He said that Stylish sends the user’s full browsing web history back to their server with a unique identifier. This allows its owner, SimilarWeb, to connect the user’s activity to a single profile, making it easy to link this unique identifier to the website login cookie. This means that SimilarWeb not only has a copy of the user’s full browsing history but also has enough other data to theoretically know the email address and the user’s true identity.
As shown above, after Robert intercepted the network request, he knew that the operation of Stylish was not normal. He decoded it and found out that he was aware that Stylish was browsing all his browsing history.
Stylish is a popular browser plugin. Before that, there were only 300K users on Firefox. It can help users redefine the style of web pages, such as changing colours or removing unwanted content.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
