Spook.js: Chrome is Threatened by a New Spectre Like Attack – E Hacking News
An attacker-controlled webpage can learn which other pages from the same website a user is presently viewing, collect sensitive information from these pages, and even recover auto-filled login credentials (e.g., username and password). If a user downloads a malicious extension, the attacker may obtain data from Chrome extensions (such as credential managers).
Spectre, which made news across the world in 2018, makes use of vulnerabilities in contemporary CPU optimization features to get around security measures that prohibit separate programmes from accessing one other’s memory space. This enabled attackers to steal sensitive information across several websites by attacking how different applications and processes interact with processors and on-chip memory, allowing a wide range of attacks against different types of applications, including web apps.
Strict Site Isolation was implemented by Google Chrome, which prohibits several web pages from sharing the same process. It also divided each process’s address space into separate 32-bit sandboxes (despite being a 64-bit application).
Site Isolation is a Chrome security feature that provides extra protection against some sorts of security vulnerabilities. It makes it more difficult for websites that aren’t trustworthy to get access to or steal information from your accounts on other websites.
Despite these safeguards, Spook.js, according to researchers from the University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University, “shows that these countermeasures are insufficient in order to protect users from browser-based speculative execution attacks.”