Add Size Leaks
Size Leaks are very important XS-Leaks. They are often addressed in the browser when researchers find exact ways to leak the size. Some mechanisms that still work:
- Cache Timing (Original Ref) can be used to predict the size of a request.
Fixed, but relevant works (we should document them):
- Flash Size Leaks. Flash is going to be removed by the end of the year (Ref1, Ref2); it is currently under strict user permissions.
- Attackers could abuse the way browsers use cache limits (Ref1 & Ref2) to predict the size of a resource using the Cache API (Ref1 & Ref2). Browsers fixed this issue by adding random noise (Ref1-Chrome & Ref2-Firefox).
- Video and Audio Parsing. This also involves CORB and CORP.
- HEIST. I believe the fix was the same as the one in cache limits (Ref1 & Ref2).
@manuelvsousa did "HEIST" get fixed? It seems like window navigations should bypass "SameSite cookies", from https://github.com/w3c/resource-timing/issues/64#issuecomment-242785022. Considering that SharedArrayBuffer can be used to create a high-precision clock, https://github.com/whatwg/storage/issues/31 may not be enough to prevent this. https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#unload-events
Created https://github.com/xsleaks/wiki/pull/114 for compression attacks.