
COOP does not fully mitigate Cross-window Timing attacks

Open Pedro-Bernardo opened this issue 8 months ago • 2 comments

The browser can only enforce COOP after it receives the response. If there is computation server-side based on request (user-dependent) data, it is still possible to measure this difference in the exact same way as in the example, i.e., polling window.origin of the window handler. Instead of an exception caused by the SOP, we get an exception caused by COOP enforcement, but it is detectable nonetheless.

I believe the same reasoning can be applied to timeless timing attacks.

Pedro-Bernardo avatar Apr 21 '25 17:04 Pedro-Bernardo

COOP does not fully mitigate attacks, but it is still a defence since it stops attacks after the first complete navigation.

NDevTK avatar Apr 22 '25 17:04 NDevTK

> COOP does not fully mitigate attacks, but it is still a defence since it stops attacks after the first complete navigation.

Hi NDevTK! I agree with you, COOP is still a valid defense for XS-Leaks that require a window handle (frame counting, XS-Search, etc.)

My point is that COOP is clearly listed in the "Network Timing" page [1,2] as a mitigation for "Cross-window Timing Attacks", which includes a code snippet as a proof-of-concept. COOP does not prevent the attack illustrated by that PoC, so my suggestion is to remove it as a valid defense for that specific attack in the table [2], since this could be misleading.

Cheers!

[1] https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#cross-window-timing-attacks
[2] https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#defense

Pedro-Bernardo avatar Apr 23 '25 14:04 Pedro-Bernardo