Researchers from Niederrhein University and Ruhr-Universität Bochum (RUB) have discovered 14 new cross-site leak (XS-Leak) attacks targeting a wide range of modern web browsers. The affected browsers include Microsoft Edge, Google Chrome, Opera, Apple Safari, Tor Browser, and Mozilla Firefox, among many others.
The researchers discovered the leaks by testing how well 56 browsers and operating systems were protected against 34 XS-Leaks. The researchers’ website, XSinator.com, scanned the browsers for leaks and found that a large number of modern browsers were vulnerable to many of the XS-Leaks.
The researchers have said that XS-Leaks are “a significant threat to Internet privacy since simply visiting a web page may reveal if the victim is a drug addict or leak a sexual orientation. Numerous different attack vectors, as well as mitigation strategies, have been proposed, but a clear and systematic understanding of XS-Leaks’ root causes is still missing.”
To mitigate the attacks, the researchers suggest measures such as turning on first-party isolation in Firefox or Intelligent Tracking Prevention in Safari, as well as denying all event handler messages and applying global limit restrictions.
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic