Security News > 2021 > September > New SpookJS Attack Bypasses Google Chrome’s Site Isolation Protection

A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack.

Dubbed "Spook.js" by academics from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University, the technique is a JavaScript-based line of attack that specifically aims to get around barriers Google put in place after Spectre, and Meltdown vulnerabilities came to light in January 2018, thereby potentially preventing leakage by ensuring that content from different domains is not shared in the same address space.

"An attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials when they are autofilled," the researchers said, adding "The attacker can retrieve data from Chrome extensions if a user installs a malicious extension."

"These attacks use the speculative execution features of most CPUs to access parts of memory that should be off-limits to a piece of code, and then use timing attacks to discover the values stored in that memory," Google noted.

With the feature enabled, Chrome browser versions 67 and above will load each website in its own process, and as a result, thwart attacks between processes, and thus, between sites.

In response to the findings, the Chrome Security Team, in July 2021, extended Site Isolation to ensure that "extensions can no longer share processes with each other," in addition to applying them to "sites where users log in via third-party providers.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/6BCg_n44FJA/new-spookjs-attack-bypasses-google.html