acm-header
Sign In

Communications of the ACM

ACM TechNews

New Attacks on Web Browsers Detected


XS-Leaks are often browser bugs that have to be fixed by the manufacturer, says Lukas Knittel of Germany's Ruhr-Universitt Bochum.

Credit: bleepingcomputer.com

Information technology scientists at Germany's Ruhr-Universität Bochum (RUB) and Niederrhein University of Applied Sciences detected 14 new types of Web browser-targeting cross-site leaks (XS-Leaks).

XS-Leaks circumvent the same-origin policy designed to prevent the theft of information from a trusted Website, allowing hackers to identify site details that are linked to personal data.

The researchers identified three defining XS-Leak characteristics and formalized a model for understanding the attacks, which also helps to detect new ones.

They developed the XSinator.com site to automatically scan browsers for XS-leaks, and tested 56 browser-operating system combinations against 34 known XS-Leaks.

RUB's Lukas Knittel said popular browsers such as Chrome and Firefox were susceptible to a large number of XS-Leaks.

From Ruhr-Universität Bochum (Germany)
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found