Security Analysis of the Site-Isolation Feature in WebKit

Supervisor(s): Fabian Kilger
Status: finished
Topic: Others
Author: Robin Marchart
Submission: 2025-02-24
Type of Thesis: Bachelor's thesis

Description

The capabilities of websites have expanded significantly since the inception of the World Wide Web. This development has produced complex web apps that handle enormous amounts of sensitive data. It is therefore not sufficient for browser engines like WebKit to protect only the rest of the system from web threats; they must also protect websites from each other while remaining mindful of the performance users expect.

Spectre attacks are a class of vulnerabilities that are especially difficult to mitigate without causing severe performance regressions. One particularly effective defence browsers employ against these threats is site isolation. This mitigation separates websites into different sandboxed web processes along certain security boundaries. In WebKit, this boundary is "same-site", which divides websites into classes based on their registrable domains. However, previous research showed that attackers who gain control of a vulnerable subdomain fall into the same site class as its parent domain, which circumvents site isolation.

We investigate the conditions under which multiple browser windows are consolidated into shared web processes and the feasibility of leaking secrets from those other windows. Furthermore, we evaluate a simulated attack that requires only an arbitrary read gadget with a 32-bit offset from a string to leak secrets from other windows in the same process.
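As an added illustration (not code from the thesis or from WebKit), the following models the same-site grouping the description refers to: a site key is taken here to be the scheme plus the registrable domain (public suffix plus one label), so every subdomain of the same registrable domain is grouped together, while hosts under a public suffix such as github.io stay apart. The suffix list is a constructed subset of the Public Suffix List, and the exact key format is an assumption made for this example.

```javascript
// Constructed subset of the Public Suffix List, enough to show the rule.
const PUBLIC_SUFFIXES = new Set(["com", "org", "io", "co.uk", "github.io"]);

// Longest matching suffix wins, mirroring how the real PSL is applied.
function publicSuffix(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (PUBLIC_SUFFIXES.has(candidate)) return candidate;
  }
  return labels[labels.length - 1]; // unknown TLD: treat last label as suffix
}

// Registrable domain = public suffix plus one more label (eTLD+1).
// Returns null when the host is itself a public suffix.
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  const suffixLen = publicSuffix(host).split(".").length;
  if (labels.length <= suffixLen) return null;
  return labels.slice(labels.length - suffixLen - 1).join(".");
}

// Simplified site key: scheme + registrable domain. IP literals have no
// registrable domain and are keyed on the full host instead.
function siteKey(urlString) {
  const url = new URL(urlString);
  const host = url.hostname;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
  const site = isIp ? host : (registrableDomain(host) ?? host);
  return `${url.protocol}//${site}`;
}

// Group a list of window URLs by site key: one group = one shared web process
// under a same-site isolation policy.
function groupBySite(urls) {
  const groups = new Map();
  for (const u of urls) {
    const key = siteKey(u);
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(u);
  }
  return groups;
}
```

Running groupBySite over a vulnerable subdomain and its parent shows them sharing one key, which is exactly the grouping that lets a compromised subdomain share a process with the main site.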