"14 New Attacks on Web Browsers Detected"

Researchers from the Ruhr University Bochum (RUB) and Niederrhein University of Applied Sciences have discovered 14 new types of attacks on web browsers. These attacks are known as cross-site leaks (XS-Leaks). Through the use of XS-Leaks, a malicious website can collect visitors' personal data by interacting with other websites in the background. The researchers looked at the protection of 56 combinations of web browsers and operating systems against 34 different XS-Leaks. They developed the XSinator.com tool to automatically scan browsers for these leaks. Chrome, Firefox, and other popular browsers were found to be vulnerable to a considerable number of XS-Leaks. The group systematically analyzed XS-Leaks by first identifying three characteristics of such attacks. Based on these characteristics, they derived a formal model that helps gain further understanding of XS-Leaks and detect new attacks. The identification of the 14 new attack categories resulted from this systematic search for new attacks. This article continues to discuss how XS-Leaks work and the website developed by the researchers to analyze many different combinations of browsers and operating systems for their vulnerability to these attacks.

RUB reports "14 New Attacks on Web Browsers Detected"