Cross-site leaks - also referred to as "XS-Leaks" - are a category of issues in the design of the web that allow web apps to interact with each other, even when they are not related. This leads to user data being shared across web applications, which is a serious security breach. Noting the increase in security flaws that rely on cross-site leaks, Google has now announced a knowledge base so that developers and security researchers can better understand the problem and build defenses around it.
Dubbed "XS-Leaks Wiki", this repository of information contains articles that explain cross-site leaks, some common attacks that hinge upon them, and the defenses you can set up against them. Along with the details of each attack, proof-of-concept code is available as well.
Another goal of this knowledge base is to help developers understand the various security features offered by browsers to protect against cross-site leaks, such as Cross-Origin Resource Policy and SameSite cookies.
Google hopes that making this knowledge base available to everyone will increase collaboration between the company, security researchers, and web developers. Building upon the years of experience offered by all involved parties, it aims to make the web safer for all users by protecting them against threats that utilize this behavior. You can find out more about cross-site leaks on Google's dedicated website or in the associated GitHub repository.