Researchers from Niederrhein University and Ruhr-Universität Bochum (RUB) have discovered 14 new cross-site data leak (XS-Leak) attacks targeting a wide range of modern web browsers. The affected browsers include Microsoft Edge, Google Chrome, Opera, Apple Safari, Tor Browser, and Mozilla Firefox, among many others.
The researchers discovered the leaks by testing how well 56 browsers and operating systems were protected against 34 XS-Leaks. The researchers’ website, XSinator.com, scanned the browsers for leaks and found that many modern browsers were vulnerable to a large number of XS-Leaks.
The researchers have said that XS-Leaks are “a significant threat to Internet privacy since simply visiting a web page may reveal if the victim is a drug addict or leak a sexual orientation. Numerous different attack vectors, as well as mitigation strategies, have been proposed, but a clear and systematic understanding of XS-Leak’ root causes is still missing.”
To mitigate the attacks, the researchers suggest measures such as turning on first-party isolation in Firefox or Intelligent Tracking Prevention in Safari, denying all event handler messages, and applying global limit restrictions.