Spook.js attack bypasses Strict Site Isolation in Chrome to steal passwords

Found 5 days ago at Betanews

Rolled out by Google in response to the Spectre security flaw, Strict Site Isolation is supposed to prevent unauthorized data theft. But the researchers found that malicious JavaScript code can be used to grab data such as passwords from other tabs. The attack has been found to affect Intel processors and Apple devices with M1 chips ; AMD chips are also thought to be at risk, but this is yet to be...

Read the article at Betanews

More Developer News