TCP Socket Pool Limit Randomization

Open arichiv opened this issue 3 months ago • 4 comments

Title of the proposal

TCP Socket Pool Limit Randomization

Issue Tracker URL

https://crbug.com/415691664

TAG Design Review URL

https://github.com/w3ctag/design-reviews/issues/1151

Mozilla standards-positions issue URL

https://github.com/mozilla/standards-positions/issues/1299

Chromium Position

https://chromestatus.com/feature/6496757559197696

Description

By exploiting limits in the connection pool size on Chrome, knowledge can be gained about cross-site state which would otherwise be inaccessible. Specifically, it’s possible (with some statistical certainty) to evaluate the login state, visited history, or even something more specific like whether Gmail has pending messages in the inbox.

To mitigate this we are adding randomization to the way that TCP socket pools are limited so that an observing site cannot infer this information with high certainty.

arichiv, Sep 15 '25 16:09
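
A toy model of the mitigation described in the issue above, added here as an example and not taken from the issue or from Chromium's code: it computes how often a single observation of free pool slots identifies another site's socket usage, with a fixed cap versus a randomized one. The cap of 256, the uniform jitter, the single exact observation and all function names are assumptions of the model.

```python
from fractions import Fraction

# Assumed value for this model only; not taken from the issue.
BASE_LIMIT = 256  # nominal pool-wide socket cap


def free_slot_distribution(in_use, jitter):
    """Free slots an observing site would find when another site holds
    `in_use` sockets and the cap is drawn uniformly from
    [BASE_LIMIT - jitter, BASE_LIMIT]. jitter=0 models the fixed cap."""
    p = Fraction(1, jitter + 1)
    return {BASE_LIMIT - d - in_use: p for d in range(jitter + 1)}


def observer_accuracy(states, jitter):
    """Bayes-optimal probability that one observation identifies which of
    the equally likely cross-site `states` (sockets in use) is the true one."""
    prior = Fraction(1, len(states))
    dists = [free_slot_distribution(s, jitter) for s in states]
    seen = set().union(*dists)  # every free-slot count that can occur
    # For each observable value, the best guess is the most likely state.
    return sum(max(prior * d.get(o, 0) for d in dists) for o in seen)


if __name__ == "__main__":
    # Columns: jitter, accuracy for states {0, 1}, accuracy for states {0, 6}
    for jitter in (0, 3, 15):
        print(jitter,
              observer_accuracy([0, 1], jitter),
              observer_accuracy([0, 6], jitter))
```

With two equally likely states, 1/2 is pure guessing. In this model, a jitter range narrower than the difference in socket usage between the states leaves the observer's accuracy at 1, so the range has to be sized against the largest signal being protected.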