[WEB SECURITY] fast and sort-of-reliable cache timing

Michal Zalewski lcamtuf at coredump.cx
Sat Dec 3 05:13:12 EST 2011


> Definitely interesting. Despite the disclaimer, your hack also works well on
> Chrome.

It may be by accident, but I don't think it works reliably; it was
returning some false positives / false negatives for me. I have a
Chrome variant that I started working on and that behaves well on one
of my systems, but not yet on the other - check out chrome.html in the
same directory if you're interested.

In general, though, doing this in any browser is just a matter of
investing few extra hours to fine-tune the navigation timings; the
basic premise of being able to abort the request when you don't detect
cache hit (indicated through a SOP exception on an <iframe>) within
several milliseconds of starting navigation... that seems to work
everywhere.

/mz




More information about the websecurity mailing list