Chrome gets Spooked
Share this:
A newly found side-channel attack targeting Google Chrome might allow an attacker to use a Spectre-style attack to bypass the web browser’s security protections and extract sensitive information. Spook.js is a novel transient execution side-channel attack that specifically targets Chrome.
An attacker-controlled webpage can learn which other pages from the same website a user is presently viewing, collect sensitive information from these pages, and even recover auto-filled login credentials. If a user downloads a malicious extension, the attacker may obtain data from Chrome extensions.
Strict Site Isolation was implemented by Google Chrome, which prohibits several web pages from sharing the same process. It also divided each process’s address space into separate 32-bit sandboxes. Site Isolation is a Chrome security feature that provides extra protection against some sorts of security vulnerabilities making unworthy sites to be blocked fr loading.
Despite these safeguards, Spook.js,shows that these countermeasures are insufficient in order to protect users from browser based speculative execution attacks. Chrome Strict Site Isolation implementation consolidates webpages based on their eTLD+1 domain, allowing an attacker controlled page to extract sensitive information from pages on other subdomain and bypassing Sandboxing feature.
Web developers can immediately separate untrusted, user-supplied JavaScript code from all other content for their website, hosting all user-supplied JavaScript code at a domain that has a different eTLD+1. Strict Site Isolation will not consolidate attacker supplied code with potentially sensitive data into the same process, putting the data out of reach even for Spook.js as it cannot cross process boundaries.
