Spook.js - This will bloat Chrome even more | The Backend Engineering Show - podcast episode cover

Spook.js - This will bloat Chrome even more | The Backend Engineering Show

The Backend Engineering Show with Hussein Nasser
Sep 13, 202118 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Spook.js is a new transient execution side channel attack which targets the Chrome web browser. We show that despite Google's attempts to mitigate Spectre by deploying Strict Site Isolation, information extraction via malicious JavaScript code is still possible in some cases.

Resources

https://www.spookjs.com/

https://www.chromium.org/developers/design-documents/site-isolation

Paper: https://www.spookjs.com/files/spook-js.pdf

Chapters

0:00 Process Isolation in Chrome

8:00 Spook.js subdomain Attack

12:00 Spook.js Extension Attack

13:00 Summary

Become a Member on YouTube

https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join

🔥 Members Only Content

https://www.youtube.com/playlist?list=UUMO_ML5xP23TOWKUcc-oAE_Eg

Support my work on PayPal

https://bit.ly/33ENps4

🧑‍🏫 Courses I Teach

https://husseinnasser.com/courses

For the best experience, listen in Metacast app for iOS or Android