


On January 3rd Project Zero revealed vulnerabilities in modern CPUs that a process can use to read (at worst) arbitrary memory - including memory that doesn't belong to that process. These vulnerabilities have been named Spectre and Meltdown. What is Chrome doing to help keep the web secure, and what should web developers do for their own sites?

# TL;DR

As a user browsing the web, you should make sure you keep your operating system and your browser updated. In addition, Chrome users can consider enabling Site Isolation.

If you are a web developer, the Chrome team advises:

- Where possible, prevent cookies from entering the renderer process' memory by using the `SameSite` and `HttpOnly` cookie attributes, and by avoiding reading from `document.cookie`.
- Make sure your MIME types are correct and specify an `X-Content-Type-Options: nosniff` header for any URLs with user-specific or sensitive content, to get the most out of Cross-Origin Read Blocking for users who have Site Isolation enabled.
- Enable Site Isolation and let the Chrome team know if it causes problems for your site.

If you are wondering why these steps help, read on!

# The risk

There have been a wide variety of explanations of these vulnerabilities, so I am not going to add yet another one. If you are interested in how these vulnerabilities can be exploited, I recommend taking a look at the blog post by my colleagues from the Google Cloud team.

Both Meltdown and Spectre potentially allow a process to read memory that it is not supposed to be able to. Sometimes, multiple documents from different sites can end up sharing a process in Chrome. This can happen when one has opened the other using `window.open`, a link with `target="_blank"`, or iframes. If a website contains user-specific data, there is a chance that another site could use these new vulnerabilities to read that user data. There are multiple efforts the Chrome and V8 engineering team is deploying to mitigate this threat.

# Site Isolation

The impact of successfully exploiting Spectre can be greatly reduced by preventing sensitive data from ever sharing a process with attacker-controlled code. The Chrome team has been working on a feature to achieve this called "Site Isolation".

Note: After the publication of this document, Cross-Site Document Blocking was renamed to Cross-Origin Read Blocking. These two terms refer to the same concept.

Even when all cross-site pages are put into separate processes, pages can still legitimately request some cross-site subresources, such as images and JavaScript. To help prevent sensitive information from leaking this way, Site Isolation includes a "cross-site document blocking" feature that limits which network responses are delivered to the renderer process.

A website can request two types of data from a server: "documents" and "resources". Here, documents are HTML, XML, JSON, and text files. A website is able to receive documents from its own domain or from other domains with permissive CORS headers. Resources include things like images, JavaScript, CSS and fonts. The cross-site document blocking policy prevents a process from receiving "documents" from other origins if:

1. They have an HTML, XML, JSON, or text/plain MIME type, and
2. They have either an `X-Content-Type-Options: nosniff` HTTP response header, or a quick content analysis ("sniffing") confirms that the type is correct, and
3. CORS doesn't explicitly allow access to the document.

Documents that are blocked by this policy are presented to the process as empty, although the request still happens in the background.

For example: imagine an attacker creating an `<img>` tag whose `src` points at a JSON file with sensitive data. Without Site Isolation, the contents of the JSON file would make it to the renderer process's memory, at which point the renderer notices that it is not a valid image format and doesn't render an image.
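The three blocking conditions and the `nosniff` advice above, modelled as an added Python example that is not part of the original article: `corb_blocks` applies the conditions to constructed sample responses, and the simplified `sniff_confirms` helper is an assumption standing in for Chrome's real content analysis.

```python
import json

# Constructed, simplified model of the three CORB conditions above
# (Chrome's real implementation has many more special cases).
PROTECTED_TYPES = {"text/html", "text/xml", "application/xml",
                   "application/json", "text/plain"}

def sniff_confirms(mime, body):
    """Quick content analysis: does the body look like the claimed type?"""
    head = body.lstrip()[:64]
    if mime == "application/json":
        try:
            json.loads(body)
            return True
        except ValueError:
            return False
    if mime in ("text/html", "text/xml", "application/xml"):
        return head.startswith(b"<")
    # text/plain is confirmed only if it sniffs as HTML, XML or JSON;
    # anything else (e.g. a mislabelled image) is let through.
    return head.startswith(b"<") or sniff_confirms("application/json", body)

def corb_blocks(headers, body, cors_allows):
    """True if the renderer should receive an empty response instead."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    mime = h.get("content-type", "").split(";")[0].strip()
    if mime not in PROTECTED_TYPES:   # condition 1
        return False
    if cors_allows:                   # condition 3
        return False
    nosniff = h.get("x-content-type-options") == "nosniff"
    return nosniff or sniff_confirms(mime, body)   # condition 2

# Constructed sample responses as a cross-site <img> request would see them:
# (headers, body, whether CORS explicitly allows the requesting origin).
SAMPLES = {
    "balance_nosniff": ({"Content-Type": "application/json; charset=utf-8",
                         "X-Content-Type-Options": "nosniff"},
                        b'{"balance": 1234.56}', False),
    "balance_no_nosniff": ({"Content-Type": "application/json"},
                           b'{"balance": 1234.56}', False),
    "json_as_text_plain": ({"Content-Type": "text/plain"},
                           b'{"token": "abc"}', False),
    "png_as_text_plain": ({"Content-Type": "text/plain"},
                          b"\x89PNG\r\n\x1a\n", False),
    "public_cors_api": ({"Content-Type": "application/json"},
                        b'{"rate": 1.1}', True),
}

def evaluate():
    # Apply the policy to every sample; True means blocked (empty body).
    return {name: corb_blocks(*args) for name, args in SAMPLES.items()}
```

The mislabelled image is still delivered because a `text/plain` response without `nosniff` is only blocked when its body sniffs as HTML, XML or JSON; sending the header is what lets the policy block a sensitive response regardless of how it sniffs.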
