
Spook.js: New Spectre-Like Attack Endangers Chrome, Chromium-Based Browsers


A team of scholars from universities in Australia, Israel, and the United States has created a new side-channel attack that targets Google Chrome’s Site Isolation feature. The attack, called Spook.js, is a new transient execution side channel exploit targeting Chrome and Chromium-based browsers, showing that Google’s attempts to mitigate Spectre have not been entirely successful.

The Spook.js Attack Explained

“More specifically, we show that an attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials (e.g., username and password) when they are autofilled. We further demonstrate that the attacker can retrieve data from Chrome extensions (such as credential managers) if a user installs a malicious extension,” the team said in their report.

The discovery is related to the Meltdown and Spectre exploits, the CPU design flaws that enabled malicious code running on a processor to recover data from other apps or even from protected CPU memory areas. The vulnerabilities affect whole generations of computers and devices of all types built on the affected chips (for example, an Intel processor or an Apple device with the M1 chip). The flaws could allow attackers to break the fundamental isolation between user applications and the operating system, so that information being processed by the computer could be leaked to attackers.

Site Isolation: Not Enough

To mitigate the flaws, Google added the so-called Site Isolation feature, enabled by default in all versions since Chrome 67. Before that, the feature was available as an optional function that users needed to enable manually.

The addition of this mechanism changed Google Chrome’s underlying architecture to limit how different sites are processed. By design, the browser already used a multi-process model that assigned each tab to a separate renderer process, and tabs could even switch processes when navigating to a new site in certain situations. However, the Spectre proof-of-concept attacks revealed a hypothetical attack model that allowed potential threat actors to construct malicious pages capable of revealing sensitive data.

In other words, although the attacks were only demonstrated theoretically, they exposed the security weakness in the design of modern CPUs.

How Does Spook.js Work?

In short, the academics behind the Spook.js attack concept noticed that the current Site Isolation mechanism doesn’t separate subdomains from one another, which is another design flaw.

“Spook.js exploits this hole in the Site Isolation design, which apparently Google knows about, but which it also can’t do anything about, since separating JavaScript code at the subdomain level would also cripple about 13.4% of all internet sites,” TheRecord pointed out.

Basically, Spook.js is a JavaScript tool that can carry out Spectre-like side-channel attacks against Chrome and Chromium-based browsers running on Intel, AMD, and Apple M1 processors. As already mentioned, Spook.js can only retrieve data from pages hosted on subdomains of the same site as the page under attack. Furthermore, the tool only works if the threat actor successfully plants their specific code on the targeted site. Even though this may sound like an obstacle, it truly isn’t, as many websites allow users to create subdomains and run their own JavaScript code, including Tumblr, GitHub, and BitBucket, among others.
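The design point behind the subdomain gap is the difference between an origin (scheme, full host, and port) and a site (scheme plus registrable domain, i.e. eTLD+1): Site Isolation keys renderer processes by site, so two different origins on sibling subdomains land in the same process. The following helper, added here as an illustration and not taken from the article or from the Spook.js authors, classifies a list of URLs into the site buckets that would share a renderer, which is the check a site operator would run over the hosts where users may publish their own JavaScript. The multi-label suffix list is a constructed stand-in for the full Public Suffix List; `pages.example` is a hypothetical suffix included to show that a hosting domain registered on that list makes its subdomains separate sites.

```javascript
// Added illustration (not from the article or the Spook.js project).
// Site Isolation keys renderer processes by *site* (scheme + eTLD+1), not
// by *origin* (scheme + host + port). This helper groups URLs by site so
// that co-resident origins, the case the article describes, stand out.

// Constructed, deliberately tiny list of multi-label public suffixes.
// A real implementation uses the full Public Suffix List; "pages.example"
// is a hypothetical entry standing in for a hosting provider's domain.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "pages.example"]);

// Registrable domain = public suffix plus one more label (eTLD+1).
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  if (labels.length < 2) return host.toLowerCase();
  const lastTwo = labels.slice(-2).join(".");
  const suffixLen = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 2 : 1;
  if (labels.length <= suffixLen) return host.toLowerCase();
  return labels.slice(-(suffixLen + 1)).join(".");
}

// "Schemeful" site: scheme + eTLD+1. The port is ignored and subdomains
// collapse onto their parent, which is exactly why siblings share a process.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${registrableDomain(u.hostname)}`;
}

// Origin as the browser's same-origin policy sees it.
function originOf(url) {
  return new URL(url).origin;
}

// True when two URLs are different origins that site-keyed isolation
// would nevertheless place in the same renderer process.
function sharesRendererButNotOrigin(a, b) {
  return siteOf(a) === siteOf(b) && originOf(a) !== originOf(b);
}

// Group origins by site. A bucket with more than one origin is a set of
// origins that Site Isolation alone does not separate from each other.
function isolationReport(urls) {
  const buckets = new Map();
  for (const url of urls) {
    const site = siteOf(url);
    if (!buckets.has(site)) buckets.set(site, new Set());
    buckets.get(site).add(originOf(url));
  }
  const report = {};
  for (const [site, origins] of buckets) {
    report[site] = { origins: [...origins].sort(), coResident: origins.size > 1 };
  }
  return report;
}

// Usage: audit the hosts where a service lets users publish JavaScript.
console.log(isolationReport([
  "https://alice.example.com/blog",
  "https://bob.example.com:8443/app",
  "https://alice.pages.example/",
  "https://bob.pages.example/",
]));
```

The report makes the two halves of the article's argument concrete: `alice.example.com` and `bob.example.com` are flagged as co-resident, while the two `pages.example` hosts are not, because the suffix list treats each of them as its own registrable domain. Chrome additionally honours the `Origin-Agent-Cluster: ?1` response header as a hint that an origin prefers origin-keyed isolation; a site that hosts user content on subdomains can pair that header with a Public Suffix List entry rather than relying on site-level isolation alone.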

There’s also the possibility of sites being hacked, but the research team didn’t go that far because of ethical research norms. Nonetheless, this scenario should also be taken into consideration, they said.

If you are interested, you can also have a look at the proof-of-concept available on GitHub.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
