Google launches XS-Leaks Wiki to secure the web against cross-site leaks

Cross-site leaks - also referred to as "XS-Leaks" - is a category of issues in the design of the web which allows web apps to interact with each other, even when they are not related. This leads to user data being shared across web applications, which is a serious security breach. Noting the increase in security flaws which rely on cross-site leaks, Google has now announced a knowledge base so developers and security researchers better understand the problem and build defenses around it.

Image via Rusbase

Dubbed "XS-Leaks Wiki", this repository of information contains articles which explain cross-site leaks, some common attacks which hinge upon this, and the defenses you can set up against them. Along with the details of each attack, proof-of-concept code is available as well.

Another goal of this knowledge base is also to help developers understand the various security features offered by browsers to protect against cross-site leaks, such as Cross-Origin Resource Policy and SameSite cookies.

Google hopes that making this knowledge base available to everyone will increase collaboration between the company, security researchers, and web developers. Building upon the years of experience offered by all involved parties, it aims to make the web safer for all users by protecting them against threats that utilize this behavior. You can find out more about cross-site leaks by visiting Google's dedicated website here or the associated GitHub repository here.

Report a problem with article
1607102243_img20201204171134
Next Article

Looking back at the 3DS: Nintendo's pillar in the early 2010s

1500635723_lib_2
Previous Article

Weekend PC Game Deals: Humble Choice goes Pro as a Witcher and more bundles land

3 Comments - Add comment

Advertisement