Spook JS Chrome exploit

Donate to Geekzone | Sharesies | MightyApe | GoodSync | Backblaze backup

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › Desktop computing › Spook JS Chrome exploit - beware

timmmay

18575 posts

Uber Geek

Trusted

Subscriber

#289590 14-Sep-2021 18:21

Best close all those tabs when you access important services like internet banking.

https://www.spookjs.com/

Spook.js is a new transient execution side channel attack which targets the Chrome web browser. We show that despite Google's attempts to mitigate Spectre by deploying Strict Site Isolation, information extraction via malicious JavaScript code is still possible in some cases.

More specifically, we show that an attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials (e.g., username and password) when they are autofilled. We further demonstrate that the attacker can retrieve data from Chrome extensions (such as credential managers) if a user installs a malicous extension.

Lias

4884 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2778402 14-Sep-2021 18:52

Oooof

I'm a geek, a gamer, a dad and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it.

News and reviews »

Google Bringing First Cloud Region to Aotearoa New Zealand
Posted 10-Aug-2022 08:51

ANZ To Move to FIS Modern Banking Platform
Posted 10-Aug-2022 08:28

GoPro Hero10 Black Review
Posted 8-Aug-2022 17:41

Amazon to Acquire iRobot
Posted 6-Aug-2022 11:41

Samsung x LIFE Picture Collection Brings Iconic Moments in History to The Frame
Posted 4-Aug-2022 17:04

Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Posted 4-Aug-2022 16:50

Microsoft Announces New Solutions for Threat Intelligence and Attack Surface Management
Posted 3-Aug-2022 21:54

Seagate Addresses Hyperscale Workloads with Enterprise-Class Nytro SSDs
Posted 3-Aug-2022 21:50

Visa Launching Eco-friendly Payment Solutions in New Zealand
Posted 3-Aug-2022 21:48

NCR Delivers Services to Run Bank of New Zealand ATM Network
Posted 30-Jul-2022 11:06

New HP Portfolio Supports New Era of Hybrid Work
Posted 28-Jul-2022 17:14

Harman Kardon Launches Citation MultiBeam 1100 Soundbar
Posted 28-Jul-2022 17:10

Nanogirl Labs Launches Creator Project
Posted 28-Jul-2022 17:05

Marvel Snap Launches as an Action Collectible Card Game
Posted 26-Jul-2022 17:46

Jabra Talk 65 Review
Posted 26-Jul-2022 17:31

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

RSS feeds: Main feed; Forums feed

Site features: Geekzone BI dashboard; Geekzone Badges; Geekzone Slack; Geekzone on Twitter

Affiliate links: Mighty Ape; Sharesies

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising; Trademark and copyright

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.