Spook.js

Spook.js attack bypasses Strict Site Isolation in Chrome to steal passwords

Security researchers from a collection of US and international universities have revealed details of Spook.js, a worrying transient execution side channel attack that can be used to bypass Chrome's Strict Site Isolation.

Rolled out by Google in response to the Spectre security flaw, Strict Site Isolation is supposed to prevent unauthorized data theft. But the researchers found that malicious JavaScript code can be used to grab data -- such as passwords -- from other tabs. The attack has been found to affect Intel processors and Apple devices with M1 chips; AMD chips are also thought to be at risk, but this is yet to be fully demonstrated.

By Sofia Elizabella Wyciślik-Wilson - September 13, 2021

Spook.js

Spook.js attack bypasses Strict Site Isolation in Chrome to steal passwords

Recent Headlines

Linux Mint 22.3 is built for users who value stability over surprises

Wine 11 finally fixes one of the biggest problems with running old Windows apps

Apple bundles Final Cut Pro, Logic Pro, and more into a new Creator Studio subscription

Executives more likely to take phishing bait than junior staff

Proton updates its Lumo AI tool with new Projects feature

Sisense delivers faster, smarter analytics with AI

Get WinOptimizer 2026 for free and save $30 on this brand new Windows cleanup and tuning tool

Most Commented Stories

Ashampoo Burning Studio 2026 usually costs €30, but you can get it free

WhatsApp is now trialing usernames in chats

Someone built a floppy disk TV remote control for kids and it actually works

Google to release Android source code less frequently

Dell revives the XPS brand with new laptops at CES 2026

iBUYPOWER shows a new water-cooled gaming PC concept at CES 2026

New solution gives real-time insight into bot traffic

Linux Mint 22.3 is built for users who value stability over surprises

NEWS