logo
episode-header-image
Sep 2021
18m 5s

Spook.js - This will bloat Chrome even m...

Hussein Nasser
About this episode

Spook.js is a new transient execution side channel attack which targets the Chrome web browser. We show that despite Google's attempts to mitigate Spectre by deploying Strict Site Isolation, information extraction via malicious JavaScript code is still possible in some cases.

Resources

https://www.spookjs.com/

https://www.chromium.org/developers/design-documents/site-isolation

Paper: https://www.spookjs.com/files/spook-js.pdf

Chapters

0:00 Process Isolation in Chrome

8:00 Spook.js subdomain Attack

12:00 Spook.js Extension Attack

13:00 Summary

Become a Member on YouTube

https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join

🔥 Members Only Content

https://www.youtube.com/playlist?list=UUMO_ML5xP23TOWKUcc-oAE_Eg

Support my work on PayPal

https://bit.ly/33ENps4

🧑‍🏫 Courses I Teach

https://husseinnasser.com/courses

--- Support this podcast: https://anchor.fm/hnasr/support
Up next
Jun 13
kTLS - Kernel level TLS
Fundamentals of Operating Systems Course https://oscourse.winktls is brilliant.TLS encryption/decryption often happens in userland. While TCP lives in the kernel. With ktls, userland can hand the keys to the kernel and the kernel does crypto. When calling write, the kernel encryp ... Show More
22m 55s
May 9
The beauty of the CPU
If you are bored of contemporary topics of AI and need a breather, I invite you to join me to explore a mundane, fundamental and earthy topic.The CPU.A reading of my substack article https://hnasr.substack.com/p/the-beauty-of-the-cpu 
9m 38s
Apr 18
Sequential Scans in Postgres just got faster
This new PostgreSQL 17 feature is game changer. They know can combine IOs when performing sequential scan. Grab my database coursehttps://courses.husseinnasser.com 
27m 36s
Recommended Episodes
Oct 2023
Episode 39: The Art of Architectures
Episode 39: In this episode of Critical Thinking - Bug Bounty Podcast, We're catching up on news, including new override updates from Chrome, GPT-4, SAML presentations, and even a shoutout from Live Overflow! Then we get busy laying the groundwork on a discussion of web architect ... Show More
1h 21m
Nov 2021
Web Containers, StackBlitz, and Node.js in the Browser with Tomek Sulkowski
In this episode of Syntax, Scott and Wes talk with Tomek Sulkowski about web containers, StackBlitz and more! Freshbooks - Sponsor Get a 30 day free trial of Freshbooks at freshbooks.com/syntax and put SYNTAX in the “How did you hear about us?” section. LogRocket - Sponsor LogRoc ... Show More
55m 37s
Mar 2024
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App
Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also tou ... Show More
1h 8m
Jul 2023
Episode 27: Top 7 Esoteric Web Vulnerabilities
Episode 27: In this episode of Critical Thinking - Bug Bounty Podcast, we've switched places and now Joel is home while Justin is on the move. We break down seven esoteric web vulnerabilities, and talk Cookies, Config File Injections, Client-side path traversals and more. We also ... Show More
1h 20m
Mar 2024
Linux Kernel Scheduler Developer | David Vernet
The linux kernel is something we all use but have you ever thought about what goes into it, well today we've got David Vernet on the show who has spent quite a bit of time focusing on one aspect, that being the scheduler. =========Guest Links========== Twitch: https://www.twi ... Show More
1h 55m
Mar 2023
New exploits are tricking Chrome. [Research Saturday]
Dor Zvi, Co-Founder and CEO from Red Access to discuss their work on "New Chrome Exploit Lets Attackers Completely Disable Browser Extensions." A recently patched exploit is tricking Chrome browsers on all popular OSs to not only give attackers visibility of their targets’ browse ... Show More
15m 33s
Apr 2020
JavaScript Vulnerabilities with Tim Kadlec - The State of the Web
(Originally aired on YouTube on May 30, 2018) Rick and Tim talk about how insecure much of the web really is, the various vulnerabilities in web security that can leave you open to attack, the challenge of making your organization aware of these risks, and how they could be explo ... Show More
12m 32s
Feb 2023
You don’t have to build a browser in JavaScript anymore
We talk about how Next is bringing image components, server components, and in-house analytics via split bee—and bundling them all together with Turbopack, powered by Rust, our Developer Survey most loved language of 2022.Guillermo Rauch is the CEO and cofounder of Vercel and coc ... Show More
23m 36s
Feb 2023
Episode 8: PostMessage Bugs, CSS Injection, and Bug Drops
Episode 8: In this episode of Critical Thinking - Bug Bounty Podcast we drop some critical bugs which leak raw credit card info. We also discuss some CSS Injection & PostMessage related techniques. It's a short one but a good one! Don't miss it!Follow us on twitter at: @ctbbpodca ... Show More
35m 57s
Nov 2023
What's new in CSS land
Una Kravets, developer advocate at Google & web platform ambassador, joins Amal & Nick to take them CSS to school as they start this podcast in CSS kindergarten and end it with a Level-Up CSS Diploma. (LUCD?) We explore all the amazing features which have recently landed in CSS — ... Show More
1h 14m
Listen to millions of songs and podcasts on Anghami