A security researcher has abused the Cascading Style Sheets (CSS) web standard to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook. Information leaked via this attack could aid some advertisers link IP addresses or advertising profiles to real-life persons, posing a serious threat to a user’s online privacy. The vulnerability resides in the browser implementation of a CSS feature named “mix-blend-mode
Source: security