Spook.js is a new transient execution side channel attack which targets the Chrome web browser. We show that despite Google's attempts to mitigate Spectre by deploying Strict Site Isolation, information extraction via malicious JavaScript code is still possible in some cases.
Resources
https://www.spookjs.com/
https://www.chromium.org/developers/design-documents/site-isolation
Paper: https://www.spookjs.com/files/spook-js.pdf
Chapters
0:00 Process Isolation in Chrome
8:00 Spook.js subdomain Attack
12:00 Spook.js Extension Attack
13:00 Summary
Become a Member on YouTube
https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join
🔥 Members Only Content
https://www.youtube.com/playlist?list=UUMO_ML5xP23TOWKUcc-oAE_Eg
Support my work on PayPal
https://bit.ly/33ENps4
🧑🏫 Courses I Teach
https://husseinnasser.com/courses
The Backend Engineering Show with Hussein Nasser