You guys have done a fantastic job. It's very clever: this exploit uses a security measure (the same-origin policy) to violate the user's privacy.
I've tested the demo in the Brave browser. The exploit works in regular and private tabs, but this browser also has a "Private with Tor" mode. In this mode, the exploit fails because the browser blocks parts of the content in the popup.
(BTW, the Private with Tor mode in Brave is not as secure as the Tor Browser.)