IT security specialists have uncovered 14 new types of attacks on web browsers known as cross-site leaks, or XS-Leaks. A rogue website can use XS-Leaks to steal personal information from users by interacting with other websites in the background.
Researchers from Ruhr-Universität Bochum (RUB) and Niederrhein University of Applied Sciences investigated how well 56 combinations of browser and operating system defend against 34 different XS-Leaks.
To do this, they set up the website XSinator.com, which enabled them to check browsers for these flaws instantly. A large number of XS-Leaks were found in popular browsers, including Chrome and Firefox. “XS-Leaks are typically browser problems that the manufacturer must address,” says Lukas Knittel, one of the paper’s Bochum authors.
The study results were published online and presented at the “ACM Conference on Computer and Communications Security,” which was held virtually in mid-November 2021. Professor Marcus Niemietz of the Niederrhein University of Applied Sciences, together with Lukas Knittel, Dr. Christian Mainka, Dominik Noß and Professor Jörg Schwenk of the Horst Görtz Institute for IT-Security at RUB, won a Best Paper Honor for their research at the event.
The research was conducted as part of the “CASA – Cyber Security in the Age of Large-Scale Threats” Cluster of Excellence.
XS-Leaks circumvent the same-origin policy, one of a browser’s key protections against various forms of attack.
The same-origin policy is meant to prevent data from being stolen from a trusted website. With XS-Leaks, attackers can nevertheless detect individual, small details of a website.
If these details are tied to personal information, that information may be exposed. For example, messages in a webmail inbox could be read out from a phishing website, because the search function behaves differently depending on whether or not there are any results for a search keyword.
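The webmail search case above, from the site operator's side, as an added example that is not code from the study or from XSinator.com. It models a search handler whose status code depends on whether the keyword matched, next to a variant that rejects cross-site requests using the browser-sent `Sec-Fetch-Site` request header before any search runs. The handler names, the sample mailbox and the 200/404 convention are assumptions made for the illustration.

```javascript
// Constructed sample mailbox for one logged-in user (not data from the study).
const MAILBOX = ["Invoice 2021-11 from ACME", "Your flight to Lisbon"];

// Hypothetical minimal request object: a search keyword plus request headers.
function makeRequest(query, secFetchSite) {
  const headers = secFetchSite === undefined ? {} : { "sec-fetch-site": secFetchSite };
  return { query, headers };
}

// Leaky handler: the status code differs between "results" and "no results".
// A cross-site page cannot read the body, but it can observe such side effects.
function leakySearch(req) {
  const needle = req.query.toLowerCase();
  const hits = MAILBOX.filter((m) => m.toLowerCase().includes(needle));
  return hits.length > 0 ? { status: 200, body: hits } : { status: 404, body: [] };
}

// Sec-Fetch-Site values accepted for this sensitive endpoint:
// "same-origin" (the webmail UI itself) and "none" (typed URL, bookmark).
const ALLOWED_SITES = new Set(["same-origin", "none"]);

// Hardened handler: decide from the request's origin context BEFORE searching,
// so every cross-site request gets the same answer whatever the keyword is.
// Requests without the header (older browsers, non-browser clients) fall
// through here; that is an assumption, and such clients need other defenses
// such as SameSite cookies.
function hardenedSearch(req) {
  const site = req.headers["sec-fetch-site"];
  if (site !== undefined && !ALLOWED_SITES.has(site)) {
    return { status: 403, body: [] };
  }
  return leakySearch(req);
}

// Does the handler answer a matching and a non-matching keyword differently
// for requests arriving with the given Sec-Fetch-Site value?
function distinguishable(handler, secFetchSite) {
  const hit = handler(makeRequest("invoice", secFetchSite));
  const miss = handler(makeRequest("no-such-keyword", secFetchSite));
  return hit.status !== miss.status;
}

console.log("leaky, cross-site:", distinguishable(leakySearch, "cross-site"));
console.log("hardened, cross-site:", distinguishable(hardenedSearch, "cross-site"));
console.log("hardened, same-origin:", distinguishable(hardenedSearch, "same-origin"));
```

The status code is only one observable difference; rejecting the request before the search runs also removes differences in response size and processing time for cross-site callers.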