A set of features meant to speed up web page loading in Chrome contained a bug that allowed attackers to bypass the browser’s Site Isolation feature, a security researcher has discovered.
Chrome uses the same-origin policy to prevent websites from accessing each other’s data inside the browser, but sometimes subtle security bugs such as Spectre open pathways to bypassing these policies.
Site isolation
Site Isolation is an additional line of defense that protects browsers against such threats. Introduced to Google Chrome in 2018 and replicated in last month’s Firefox releases, Site Isolation means documents from different websites are rendered independently rather than in a shared process.
Service worker contracts bug
A service worker is JavaScript code that runs in the background, separate from the web page, and supports functions that don’t require user interaction, such as push notifications and background sync.
