Faybert

Level 22
Verified
Malware Hunter
A team of academics has created a Chrome extension that can block side-channel attacks that use JavaScript code to leak data from a computer's RAM or CPU.

The extension's name is Chrome Zero and is currently only available on GitHub, and not through the official Chrome Web Store.

Researchers created the extension to rewrite and protect JavaScript functions, properties, and objects that are often used by malicious JavaScript code aimed at leaking CPU or memory data.

Extension blocks 11 JavaScript-based side-channel attacks
Experts say that currently there are eleven state-of-the-art side-channel attacks that can be performed via JavaScript code running in a browser.

Each attack needs access to various local details, for which it uses JavaScript code to leak, recover, and gather the needed information before mounting the actual side-channel attack.

After looking at each of the eleven attacks, researchers say they've identified five main categories of data/features that JavaScript side-channel attacks attempt to exploit: JS-recoverable memory addresses, accurate timing (time difference) information, the browser's multithreading (web workers) support, data shared among JS code threads, and data from device sensors.
....
....
Full article: Chrome Extension Protects Against JavaScript-Based CPU Side-Channel Attacks
 

HarborFront

Level 46
Verified
Content Creator
Using the latest Chrome browser version.

After adding Chrome Zero it cannot be enabled. There's a message

"This extension is not listed in the Chrome Web Store and may have been added without your knowledge"

:rolleyes:
 
  • Like
Reactions: Prorootect