FROST browser SSD timing side channel via OPFS

Technical Analysis
Happening score: 16
1 unique source, 1 article

Summary

FROST turns browser storage timing into a remote SSD side channel that can identify which sites a user visits and which apps they open. The technique runs inside the browser sandbox with JavaScript only, raising privacy risk across macOS and Linux desktop systems.

Related Happenings

Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft

Security Tool/Service
First: 09.04.2026 21:33 Last: 09.04.2026 21:33 Sources 1

About this happening: Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...

Storm infostealer server-side decryption activity

Malware Activity
First: 02.04.2026 17:15 Last: 02.04.2026 17:15 Sources 1

About this happening: The **Storm** infostealer now steals **browser credentials**, **session cookies**, and **crypto wallets** and forwards them to attacker infrastructure for **server-side decryption...

Torg Grabber browser-extension theft activity

Malware Activity
First: 25.03.2026 20:32 Last: 25.03.2026 20:32 Sources 1

About this happening: The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...

Mozilla Firefox 149 adds a built-in VPN privacy control with phased rollout

Security Tool/Service
First: 24.03.2026 19:23 Last: 24.03.2026 19:23 Sources 1

About this happening: **Mozilla Firefox 149** now includes a **built-in VPN tool** that adds browser-level privacy protection and can help hide a user's **location and IP address** while browsing. The...

VoidStealer debugger-based ABE-bypass infostealer

Malware Activity
First: 22.03.2026 16:32 Last: 22.03.2026 16:32 Sources 1

About this happening: **VoidStealer** now uses a **debugger-based ABE bypass** to steal **Chrome** master keys, increasing the risk of browser credential and sensitive-data theft. The infostealer can e...

Timeline

  1. 09.06.2026 12:50 2 articles · 3h ago

    Graz University of Technology discloses FROST browser SSD timing attack

    Initial Disclosure

    Graz University of Technology researchers described FROST, a JavaScript-only browser attack that uses OPFS and SSD timing to infer which sites a desktop browser user visits and which apps the user opens. The technique runs inside the browser sandbox on macOS and Linux with no native code, extension, or permission prompt. The reported evaluation reached 88.95% F1 for top-50 websites on macOS and 95.83% for ten pre-installed macOS apps, and it included a covert channel over OPFS.