Knowledge-sharing website aims to help developers protect against side-channel browser attacks

Google invites security researchers to collaborate on new XS-Leaks wiki platform

Google is inviting security researchers to contribute to a new “open knowledge” sharing base focused on cross-site leaks (XS-Leaks).

The platform, dubbed ‘XS-Leaks wiki’, will provide information explaining the principles behind XS-leaks, discussing common attacks and proposing defense mechanisms aimed at mitigating them, a blog post reads.

It was launched to promote a better understanding of XS-Leaks and encourage the security community to better protect against them.

XS-Leak attacks comprise various side-channel techniques used against browsers that can be used to infer and collect information about users.

The blog post continues: “The wiki is composed of smaller articles that showcase the details of each cross-site leak, their implications, proof-of-concept code to help demonstrate the issue, and effective defenses.

“To improve the state of web security, we’re inviting the security community to work with us on expanding the XS-Leaks wiki with information about new offensive and defensive techniques.”

Get involved

Researchers have the opportunity to share information about new attacks and defenses within the wiki.

Google says its goal is to help web developers understand the defense mechanisms offered by web browsers that can help to protect against XS-Leaks.

Each attack described in the wiki is accompanied by an overview of security features which can protect against it.


Read more of the latest security news from Google


“The wiki aims to provide actionable guidance to assist developers in the adoption of new browser security features such as Fetch Metadata Request Headers, Cross-Origin Opener Policy, Cross-Origin Resource Policy, and SameSite cookies,” said Google.

“We hope this new resource encourages further research into creative attacks and robust defenses for a major class of web security threats. We’re excited to work together with the community to continue making the web safer for all users.”


READ MORE Google Project Zero to form ‘crystal ball’ forecast panel to help improve vulnerability disclosure