Date: Mon, 13 Sep 2021 17:15:23 GMT
<p>Spook.js is a new transient execution side channel attack which targets the Chrome web browser. We show that despite Google's attempts to mitigate Spectre by deploying Strict Site Isolation, information extraction via malicious JavaScript code is still possible in some cases.</p> <p>Resources</p> <p>https://www.spookjs.com/</p> <p>https://www.chromium.org/developers/design-documents/site-isolation</p> <p>Paper: https://www.spookjs.com/files/spook-js.pdf</p> <p>Chapters</p> <p>0:00 Process Isolation in Chrome</p> <p>8:00 Spook.js subdomain Attack</p> <p>12:00 Spook.js Extension Attack</p> <p>13:00 Summary</p> <p>Become a Member on YouTube</p> <p>https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join</p> <p>🔥 Members Only Content</p> <p>https://www.youtube.com/playlist?list=UUMO_ML5xP23TOWKUcc-oAE_Eg</p> <p>Support my work on PayPal</p> <p>https://bit.ly/33ENps4</p> <p>🧑🏫 Courses I Teach</p> <p>https://husseinnasser.com/courses</p>