Websites have a new way to spy on visitors: analyzing their SSD activity
Summary
Ars Technica reports a browser-side side-channel attack called FROST that fingerprints a user’s device by measuring SSD access timing via the Origin Private File System (OPFS). The technique uses JavaScript to observe SSD contention and then classifies the resulting timing traces with a convolutional neural network (CNN) to infer which websites are open and which apps may be running. The researchers note limitations: the OPFS file must be large, typically gigabytes, and the attack has only been demonstrated on macOS and Linux so far. They suggest mitigations such as limiting OPFS file size and improving browser defenses. No widespread exploits are known at this time.