Posted on 03/20/2021 11:35:15 AM PDT by Swordmaker
Security researchers from Cornell University have found a web browser attack that affects both macOS and Windows computers. Unlike other browser-based attacks, this one does not use JavaScript.
The hack is the first JavaScript-free browser side-channel attack ever discovered. Rather than using the popular scripting language, the exploit was built entirely with CSS and HTML.
Though new, Apple’s M1 chipset is not protected from this attack and maybe more vulnerable to this exploit, claim the researchers in a recently published paper (via AppleInsider).
It is described as being “architecturally agnostic” attacking Samsung, AMD, and even Apple’s new silicon, says The 8-Bit blog.
In fact, Apple’s M1 chipset may even be more vulnerable to this attack.
“Ironically, we show that our attacks are sometimes more effective on these novel CPUs by Apple and Samsung compared to their well-explored Intel counterparts, presumably due to their simpler cache replacement policies.”
Cornell University Researchers
This exploit is particularly effective as it will work even when a user locks down their browser by blocking JavaScript. It also ignores privacy technologies like Tor or a VPN that are meant to keep your browsing information safe.The vulnerability potentially could spy on a user’s web activity and share that information without the user’s consent or knowledge.
Most users believe they are always safe after blocking JavaScript and using a VPN, however, this attack shows that even these measures are not foolproof and may provide a false sense of security in some instances.
p
(even a VPN...)
Suggestions
Go to https://www.ccleaner.com/
Download the FREE CCleaner.
When installing CCleaner, DO NOT ALLOW any extras - included package such as Google Chrome or some anti-virus application, to also install.
You only want CCleaner.
So, when installing CCleaner, read each window (that you can) that presents info re the installing process.
You do not need CCleaner Pro, nor a “cloud” feature/connection.
CCleaner is valuable for one objective: cleaning cache files and removing run-of-the-mill cookies.
CCleaner documentation: https://www.ccleaner.com/docs
CCleaner settings: https://www.ccleaner.com/docs/ccleaner/ccleaner-settings
Run CCleaner at least once, every day that you use your Lenovo ThinkPad. Then restart your computer.
That’s what I think this is. . . an obscure vulnerability that could possibly be a risk. They say nothing about "exploits."
Kinda what I figured. It’s also FUD Season, especially that part about Apple’s M1 chips perhaps being more vulnerable. Apple is soon to announce new iMac and other hardware which is always preceded by a FUD Season.
What are they going to tell us to buy... they seem to say this will attack everything that uses a browser including probably a Commodore Vic 20...
Uh... ones that render HTML? They aren’t too keen on providing little niggling details such as what it does, how, on what browsers, etc. that’s why I’m not too worried... I think it’s a vulnerability without much specificity...
Well this is spooky!
Thanks, Swordmaker!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.