
Issue 817028


Issue metadata

Status: Duplicate
Merged: issue 74987
Owner: ----
Closed: Feb 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Security: uncovering a user's browsing history via cache timing attack

Reported by victor.g...@gmail.com, Feb 27 2018

Issue description

VULNERABILITY DETAILS
It's possible to uncover a user's browsing history by analyzing the loading time of probe images from the websites. If the user has visited a website, the image (like a logo) from the web page is in the browser's cache, so the onload event fires significantly faster than for a cold request.

VERSION
Chrome Version: 64.0.3282.186 (Official Build) (64-bit) STABLE
Operating System: macOS High Sierra 10.13.3 (17D102)

REPRODUCTION CASE
1. Clear the browser's cache.
2. Visit a test website (https://telegram.org for instance).
3. Run the attached HTML file.
4. Look at the console log output. It should print: "Telegram.org true".

You may need to adjust the THRESHOLD_MS param.
 
Attachment: t.html (1.5 KB)
Components: Internals>Network>Cache Privacy
Mergedinto: 74987
Status: Duplicate (was: Unconfirmed)
Unfortunately, there's no practical means of addressing this short of wrecking performance. Careful use of Incognito/Guest Mode can mitigate the impact of cache timing attacks.
Project Member

Comment 2 by sheriffbot@chromium.org, Jun 6 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
