Chrome Extension Protects Against JavaScript-Based CPU Side-Channel Attacks

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A team of academics has created a Chrome extension that can block side-channel attacks that use JavaScript code to leak data from a computer's RAM or CPU.

The extension's name is Chrome Zero and is currently only available on GitHub, and not through the official Chrome Web Store.

Researchers created the extension to rewrite and protect JavaScript functions, properties, and objects that are often used by malicious JavaScript code aimed at leaking CPU or memory data.
Click to expand...

Extension blocks 11 JavaScript-based side-channel attacks
Experts say that currently there are eleven state-of-the-art side-channel attacks that can be performed via JavaScript code running in a browser.

Each attack needs access to various local details, for which it uses JavaScript code to leak, recover, and gather the needed information before mounting the actual side-channel attack.

After looking at each of the eleven attacks, researchers say they've identified five main categories of data/features that JavaScript side-channel attacks attempt to exploit: JS-recoverable memory addresses, accurate timing (time difference) information, the browser's multithreading (web workers) support, data shared among JS code threads, and data from device sensors.

JS-zero-attacks-table.png


The Chrome Zero extension works by intercepting the JavaScript code the Chrome browser is supposed to execute and rewriting certain JavaScript functions, properties, and objects in a wrapper that neutralizes its negative effects, which a side-channel attack would try to leverage.
Click to expand...
Chrome Zero has a minimum performance impact
Experts said that despite the extension's intrusive behavior, tests showed a minimum performance impact of only 1.54% on resource usage, and an indiscernible page loading latency ranging from 0.01064s and 0.08908s —depending on the number of protection policies active at runtime.
Click to expand...

How to install Chrome Zero
Since the extension is not yet on the Chrome Web Store, users can install it by (1) downloading the extension's source code from GitHub, (2) going to Chrome's extensions management page (chrome://extensions), (3) enabling "Developer Mode," (4) clicking "Load Unpacked," and (5) selecting the folder "/chromezero" from inside the extension's source code.

Chrome-Zero-installation.png


...
.....
..
......
Click to expand...
 
  • Like
Reactions: harlan4096
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • Applause
'METIOR' Defense Blueprint Against Side-Channel Vulnerabilities Debuts
Replies
0
Views
814
News Archive
silversurfer
silversurfer
silversurfer
    • +Reputation
    • Like
    • Wow
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
Replies
0
Views
1,393
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • Wow
    • Like
    • +Reputation
Intel CPUs vulnerable to new transient execution side-channel attack
Replies
2
Views
1,292
News Archive
HarborFront
H

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top