Pedro-Bernardo

The browser can only enforce COOP after it receives the response. If there is computation server-side based on request (user-dependent) data, it is still possible to measure this difference in the exact same way as in the example, i.e., polling window.origin of the window handler. Instead of an exception caused by the SOP, we get an exception caused by COOP enforcement, but it is detectable nonetheless.

I believe the same reasoning can be applied to timeless timing attacks.

@NDevTK
Contributor

NDevTK commented Apr 22, 2025

COOP does not fully mitigate attacks; it is still a defence since it stops attacks after the first complete navigation.

@Pedro-Bernardo
Author

> COOP does not fully mitigate attacks; it is still a defence since it stops attacks after the first complete navigation.

Hi NDevTK! I agree with you, COOP is still a valid defense for XS-Leaks that require a window handle (frame counting, XS-Search, etc.)

My point is that COOP is clearly listed in the "Network Timing" page [1,2] as a mitigation for "Cross-window Timing Attacks", which includes a code snippet as a proof-of-concept. COOP does not prevent the attack illustrated by that PoC, so my suggestion is to remove it as a valid defense for that specific attack in the table [2], since this could be misleading.

Cheers!

[1] - https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#cross-window-timing-attacks
[2] - https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#defense
