New CPU side-channel attack takes aim at Chrome’s Site Isolation feature

The Record -

A team of academics from universities in Australia, Israel, and the US has successfully mounted CPU side-channel attacks that recover data from Google Chrome and Chromium-based browsers protected by the Site Isolation feature.

Named Spook.js, the discovery is related to the Meltdown and Spectre attacks disclosed in January 2018, two CPU design flaws that could allow malicious code running on a processor to retrieve data from other apps or from secure areas of a CPU.

While only demonstrated at a theoretical level, both attacks showed that the current design of modern CPUs did not take security seriously. While Intel and AMD committed to altering their future CPU designs to incorporate more security features, software vendors also responded by hardening their applications in order to prevent easy exploitation.

Among the first to do so was Google, which chose to add a new feature inside Chrome named Site Isolation. This feature works by separating JavaScript code on a

The post New CPU side-channel attack takes aim at Chrome’s Site Isolation feature was first published at The Record.

Read More.....