Chrome Zero: Extension of Chrome blocks data leaks

Chrome Zero: A team of academics has managed to create a Chrome extension that can block side-channel attacks that use JavaScript code to from a computer's RAM or CPU.

The name of the extension is Chrome Zero and is currently only available in GitHub and not through the official Chrome Web Store.Chrome Zero

The researchers created the extension to rewrite and protect the functions, properties, and JavaScript objects most frequently used by each JavaScript code aimed at leaking data from the CPU or RAM.

Analysis

Experts report that there are currently eleven state-of-the-art side-channel attacks that can be executed via JavaScript code running in a program s.

Each attack needs access to various local details, and uses JavaScript code to leak, retrieve and gather the necessary information before starting with attack from a side-channel.

After examining each of them, researchers have identified five main categories of data / features that are being exploited by side-channel JavaScript attacks: memory addresses retrieved by JS, exact timing information, web workers, data that shared between the JS code and data from the device sensors.

How Extension works

The Chrome Zero extension essentially hacks the JavaScript code that is going to run through Chrome to rewrite certain JavaScript functions, properties, and objects by negating the negative some side-channel attack.

Experts said that despite the intrusive behavior of the extension, testing showed little impact on browser performance by using only 1,54% of resources and causing a delay in loading the page ranging from 0,01064 to 0,08908 seconds depending on the number of policies applicable at the time of execution.

In addition, as a result of the protection measures of the expansion, the research team reports that Chrome Zero would be able to block the 50% of the Zero Day of Chrome that was detected from the Chrome 49 release onwards.

How to Install the Extension

As mentioned, the extension is not yet available through the Chrome Web Store. But you can easily install it:

Download the extension and from Chrome's extension management page (chrome://), by clicking “Load Unpacked”, select the “chromezero” folder from within the extension's source code.

More information is available in a paper entitled "JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks," presented end of February at the NDSS Symposium held in San Diego, California. The paper is available online from here and here, while the presentation video in NDSS is below:

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).