Chrome Zero: Chrome extension

Chrome Zero

Chrome Zero: Chrome extension

Category : Blog

Chrome Zero

Chrome Zero is a Google Chrome extension to protect users from microarchitectural and side-channel attacks.

Chrome Zero implements JavaScript Zero, a fine-grained policy-based system which allows changing the behavior of standard JavaScript interfaces and functions. Using so-called policies, Chrome Zero enforces certain restrictions to a website to protect users from malicious JavaScript. The policies allow to quickly adapt the permission system to protect against any newly discovered attack.

 

Chrome Zero is a proof of concept implementation that defends against these attacks. It installs as a Chrome extension and protects functions, properties, and objects that can be exploited to construct attacks. The basic idea is very simple, functions are wrapped with replacement versions that allow injection of a policy. This idea of wrapping functions (and properties with accessor properties, and certain objects with proxy objects) goes by the fancy name of virtual machine layering.

Chrome Zero

 

Chrome Zero: Extension blocks 11 JavaScript-based side-channel attacks:

 

Experts say that currently there are eleven state-of-the-art side-channel attacks that can be performed via JavaScript code running in a browser.

Each attack needs access to various local details, for which it uses JavaScript code to leak, recover, and gather the needed information before mounting the actual side-channel attack.

After looking at each of the eleven attacks, researchers say they’ve identified five main categories of data/features that JavaScript side-channel attacks attempt to exploit: JS-recoverable memory addresses, accurate timing (time difference) information, the browser’s multithreading (web workers) support, data shared among JS code threads, and data from device sensors.

JavaScript

 

Chrome Zero has a minimum performance impact:

Experts said that despite the extension’s intrusive behavior, tests showed a minimum performance impact of only 1.54% on resource usage, and an indiscernible page loading latency ranging from 0.01064s and 0.08908s —depending on the number of protection policies active at runtime.

The extension may be very well able to thwart even future and unknown Chrome zero-days as well, mainly because of its habit of rewriting dangerous functions to safer versions.

extension

 

Most Popular Training Courses at Indian Cyber Security Solutions:

 

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

Android Training

 

Cybersecurity services that can protect your company:

 

Web Security | Web Penetration Testing

Network Penetration Tester – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery


Leave a Reply

Show Buttons
Hide Buttons