[HN Gopher] Pool-Party: Exploiting Browser Resource Pools as Sid...
___________________________________________________________________

Pool-Party: Exploiting Browser Resource Pools as Side-Channels for Web
Tracking

Author : btdmaster
Score  : 31 points
Date   : 2022-10-22 16:55 UTC (6 hours ago)

(HTM) web link (arxiv.org)
(TXT) w3m dump (arxiv.org)

| bluechair wrote:
| Question: would introducing jitter into browser network requests
| help mitigate these attacks in any way?

| VWWHFSfQ wrote:
| Maybe? But the browser artificially making requests slower than
| they already are seems like a naive anti-solution.

| kfarr wrote:
| I was interested in an overview of how the attack works, here's a
| copy / paste summary of a simplified example from the PDF:
|
| > For this toy example, assume a browser vendor wants to improve
| performance by only allowing one video element to be loaded at a
| time, across all sites. If a video is currently playing on any
| page, the site will receive an error if it tries to play a new
| video. Algorithm 1 presents a toy algorithm whereby two
| colluding sites can trivially transform this optimization choice
| into a cross-site tracking mechanism.
|
| And later some examples of actual methods:
|
| > We were able to use the relatively large WebSockets connection
| pool in Chromium- and Gecko-based browsers to conduct "poolparty"
| attacks. Safari's WebSockets implementation was not exploitable,
| since WebKit does not restrict how many WebSocket connections can
| be opened simultaneously. Safari's implementation of the SSE API,
| though, was previously exploitable before they fixed it. (Gecko's
| implementation of the SSE API was not exploitable). Firefox alone
| was vulnerable to the Web Workers form of the attack (a
| surprising finding given that Tor Browser uses the same Gecko
| engine).
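
The pool designs contrasted in the summary above (one shared, capped pool versus an unlimited one), as an added JavaScript model that is not part of the thread, the paper, or any browser's code. `ResourcePool`, `observe` and `leaksAcrossSites` are hypothetical names, the site names are constructed, and the per-site ("site") scope is an assumption of this example that the thread does not discuss.

```javascript
// Added model, not browser code. All names here are hypothetical.
class ResourcePool {
  // cap: maximum slots. scope "global" shares one cap across all sites;
  // scope "site" applies the cap per site (assumed partitioned design).
  constructor(cap, scope) {
    this.cap = cap;
    this.scope = scope;
    this.inUse = new Map(); // bucket -> slots currently held
  }
  bucket(site) {
    return this.scope === "global" ? "*" : site;
  }
  acquire(site) {
    const b = this.bucket(site);
    const used = this.inUse.get(b) || 0;
    if (used >= this.cap) return false; // the refusal a page script can see
    this.inUse.set(b, used + 1);
    return true;
  }
  release(site) {
    const b = this.bucket(site);
    this.inUse.set(b, Math.max(0, (this.inUse.get(b) || 0) - 1));
  }
}

// Everything site B can learn from the pool: how many slots it obtains
// before the first refusal (bounded by probeLimit).
function observe(pool, site, probeLimit) {
  let got = 0;
  while (got < probeLimit && pool.acquire(site)) got++;
  for (let i = 0; i < got; i++) pool.release(site);
  return got;
}

// Non-interference check: vary how many slots site A holds and record what
// site B observes. More than one distinct observation means the pool
// carries state from A to B.
function leaksAcrossSites(makePool, probeLimit = 8) {
  const seen = new Set();
  for (let held = 0; held <= probeLimit; held++) {
    const pool = makePool();
    for (let i = 0; i < held; i++) pool.acquire("a.example"); // constructed site
    seen.add(observe(pool, "b.example", probeLimit));
  }
  return seen.size > 1;
}

console.log("one shared video slot:", leaksAcrossSites(() => new ResourcePool(1, "global")));
console.log("unlimited shared pool:", leaksAcrossSites(() => new ResourcePool(Infinity, "global")));
console.log("per-site capped pool: ", leaksAcrossSites(() => new ResourcePool(4, "site")));
```
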

| CommitSyn wrote:
| > Firefox alone was vulnerable to the Web Workers form of the
| attack (a surprising finding given that Tor Browser uses the
| same Gecko engine).
|
| Are Web Workers enabled by default in the Tor browser bundle,
| and if so, what about the 'safest' setting?

| [deleted]
___________________________________________________________________
(page generated 2022-10-22 23:00 UTC)