Hacker Fantastic
Blackhats will be weaponizing Spectre to steal session cookies from additional websites opened in the browser, especially financial sites. Enable site isolation in Chrome now.
Akshet Jan 4
Replying to @hackerfantastic
AFAICT site isolation doesn't fix this problem because the attacker can always include an image tag with src to a target site and that will cause a GET and add the cookie to the renderer memory which they can then get their hands on. See:
Hacker Fantastic Jan 4
Replying to @Akshet
It won't, because it will be in its own process for the target site rendering. Google are recommending the same step. Post a PoC if you can violate it.
Vinny Troia Jan 4
How would you steal a session cookie from a site without having some sort of execution ability on the server to begin with?
Hacker Fantastic Jan 4
It works in the browser via JavaScript. All you need is the victim to click on a link. It's a disaster.