"Browser Bug Exposes User Data in Top Websites, NJIT Researchers Find"

Researchers at the New Jersey Institute of Technology (NJIT) discovered an unpatched security bug in most web browsers that allows hackers to monitor specific site visitors while leaving little evidence of a digital trail. The bug can be exploited using well-crafted code, which can, for example, wait for a targeted person to visit a website, record data about their clicks, and share that data with those who want to use it against the visitor. According to Reza Curtmola, professor of computer science affiliated with NJIT's Cybersecurity Research Center, whose team discovered the bug, the researchers essentially introduced new attacks aimed at achieving deanonymization on the web. Curtmola pointed out that certain categories of Internet users may be significantly impacted, such as people who organize and participate in political protests, journalists who report on controversial topics, or people who network with fellow members of a minority group. The method examines data in what is known as a leaky resource attack. When browsers receive requests from media services like YouTube, information flows through the processor side channel, which rarely provides adequate protection against eavesdroppers. To carry out such an attack, all the threat actors need is some identifying information about their target, such as the target's email address or Twitter handle. The attack can be executed in as little as three seconds. It has been tested on popular browsers such as Chrome, Firefox, Safari, and Tor, as well as media-focused websites including Facebook, Instagram, LinkedIn, Reddit, TikTok, Twitter, and YouTube. This article continues to discuss the NJIT researchers' study on targeted deanonymization via the cache side channel. 

NJIT reports "Browser Bug Exposes User Data in Top Websites, NJIT Researchers Find"