Security News > 2022 > May > Google starts testing fenced frames to guard its Privacy Sandbox

Google starts testing fenced frames to guard its Privacy Sandbox
2022-05-03 07:29

Google in the next few days plans to begin testing fenced frames, a proposed web API to help its Privacy Sandbox ad technologies meet commitments to privacy of a sort.

Fenced frames are designed to take the place of inline frames, or iframes, for specific scenarios like delivering interest-based ads without betraying interest data to the web page in which they're embedded.

Fenced frames are an essential part of Google Privacy Sandbox vision because they're the mechanism that, hopefully, will deny data accessible to one web domain from being piped to a different web domain.

The section on Privacy Considerations in fenced frames points out that it may be useful to share some data across the so-called fence.

The IntersectionObserver API, used for determining how page elements overlap - e.g. detecting when display ads are obscured - has the potential to be used for repositioning frames to communicate a user identifier to a fenced frame.

So fenced frames have to limit the scope of that API. Then there are concerns about side channel communication that's possible over the network, via data derived from URL navigation, or the way permissions get delegated among top-level frames and embedded contexts.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/03/google_fenced_frames/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4216 4506 727 9702