HomeUpdate14 New Cross-Site Leaks Attacks Have Been Identified

14 New Cross-Site Leaks Attacks Have Been Identified

-

We independently research, test, review, and recommend the best products—learn more about our process. If you buy something through our links, we may earn a commission. learn more

Last Updated on 06/02/2022 by Riya

Cross-site exposures, or XS-Leaks, are 14 new sorts of cyberattacks against web browsers uncovered by IT security specialists. A rogue website can leverage XS-Leaks to steal personal information from users by connecting with other websites in the background.

Ruhr-Universität Bochum (RUB) and Niederrhein University of Applied Sciences researchers investigated how well 56 browser and operating system pairings defend against 34 different XS-Leaks.

To accomplish this goal, they established the website XSinator.com, which enabled them to check browsers for these flaws instantly. A vast amount of XS-Leaks was discovered in popular browsers including Chrome and Firefox. “XS-Leaks are typically browser problems that the manufacturer must address,” adds Lukas Knittel, one of the paper’s Bochum writers.

The study results were reported online and at the “ACM Conference on Computer and Communications Security,” which had been hosted virtually in mid-November 2021. Professor Marcus Niemietz of the Niederrhein University of Applied Sciences, Lukas Knittel, Dr. Christian Mainka, Dominik Noß, Professor Jörg Schwenk of the Horst Görtz Institute for IT-Security at RUB won a Best Paper Honor for their research at the event.

The research was conducted as part of the “CASA – Cyber Security in the Age of Large-Scale Threats” Cluster of Excellence.The same policy, one of a browser’s key protections against various forms of vulnerabilities, is circumvented by XS-Leaks.

The same-origin principle is in place to protect data from being taken from a reputable website. Attackers can still identify particular, minor features of a site in the context of XS-Leaks.

If these details are associated with personal information, that information may be exposed. Messages in a webmail inbox could be accessed from a phishing website since the search tool behaves differently based on whether or not there are any results for a search keyword.

Riya
Riya
Riya is a technology enthusiast and an avid researcher. She writes about consumer tech, hacking, and technology consumer issues at TheDigitalHacker.
- Advertisment -

Must Read

edge-ai

Challenges and Opportunities in Deploying AI Solutions in Edge Computing Environments

0
Edge AI is a ground-breaking new paradigm that has the potential to completely change how companies run. Organizations can seize new chances for creativity,...