Browsers & browsing history: released 4 0day


Browsers & browsing history: A team of researchers from Stanford and San Diego Universities have published a survey for Browser history re: visited.

The researchers, with their study, reveal to the public four new and functional attacks through browsers' browsing history.
Browsers

Leak attacks affect all modern browsers that do not prevent your browsing history from being saved. In short, Firefox, Chrome, Internet Explorer and Microsoft Edge are vulnerable applications while Tor Browser is not.

Most web browsers record the websites they visit by default. It is a feature that is used for ease by the browser. When users type in the address bar browsers remember the exact address and even suggest it in an autofill function.

Let's look at the attacks on your browsing history

The first attack discovered by the researchers uses the CSS Paint API to determine if a particular URL was visited by the user.

The second attack uses 3D CSS transformations, a technique released with CSS 3. An attacker collects 3D CSS and transforms them into other CSS to create login information.

The third attack uses SVG images and the CSS fill rule. The attack uses an SVG image inside a login element and a "set of CSS fill rules".

The fourth and last attack uses Chrome's bytecode cache to determine whether a JavaScript source file has previously been loaded into the browser.

All four attacks have one audience: they must specify the URLs to control them. None of them can retrieve a user's entire browsing history.

How effective are these attacks? Researchers say one of these attacks can determine the 6000 address status per second.

Researchers have reported vulnerabilities to browser developers, but it will take months to get the necessary fixes.

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.

____________________


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news