> Name any CSS or JS exploit that had meaningful real-world impact in the last decade. The tale of frequent compromises of browsers via ads is told merely to legitimize the practice of blocking even entirely plain and benign ads.
I think the actual malware infections themselves legitimize the practice of blocking even entirely plain and benign ads.
JS exploits and malware written in JS are common, but so far I haven't seen CSS used to infect systems, just steal data/log keystrokes and add a lot of privacy concerns which is bad enough. I'm already keeping an eye out for a CSS blocker that will only allow a sane subset of CSS and block or limit externally hosted resources.
I think the actual malware infections themselves legitimize the practice of blocking even entirely plain and benign ads.
Ads do still infect people with malware. https://blog.confiant.com/tag-barnakle-the-malvertiser-that-... Hell, yahoo was hit not that long ago and users were at risk of infection just by loading yahoo.com.
JS exploits and malware written in JS are common, but so far I haven't seen CSS used to infect systems, just steal data/log keystrokes and add a lot of privacy concerns which is bad enough. I'm already keeping an eye out for a CSS blocker that will only allow a sane subset of CSS and block or limit externally hosted resources.