Pool-Party: Exploiting Browser Resource Pools as Side-Channels for Web Tracking
We identify a new class of side-channels in browsers that are not mitigated by current defenses. This class of side-channels, which we call "pool-party" attacks, allows sites to create covert channels by manipulating limited-but-unpartitioned resource pools in browsers. We identify pool-party attacks in all popular browsers, and show they are practical cross-site tracking techniques. In this paper we make the following contributions: first, we describe pool-party side-channel attacks that exploit limits in application-layer resource pools in browsers. Second, we demonstrate that pool-party attacks are practical, and can be used to track users in all popular browsers; we also share open source implementations of the attack and evaluate them through a representative web crawl. Third, we show that in Gecko-based browsers (including the Tor Browser Bundle) pool-party attacks can also be used for cross-profile tracking (e.g., linking user behavior across normal and private browsing sessions). Last, we discuss possible mitigations and defenses.