‘Cookie curtain’ offers security and privacy benefits

Google has announced plans to partition the HTTP cache of its Chrome browser in a move designed to protect against some forms of side-channel attack.

As things currently stand, a site can run code that will check whether another site opened in Chrome on the same machine has loaded a resource or not.

This behavior gives a malicious site a way to determine whether or not a user has visited a specific site, and it also opens the door to possible cross-site search attacks, a class of vulnerability that has become the focus of recent research.

The cache can also be used to store cross-site super-cookies (AKA ever-cookies) as a fingerprinting mechanism, creating a tracking issue that’s exacerbated by having a common HTTP cache.

These various issues involving HTTP caching are a problem for browser makers in general, as evidenced by a discussion on the topic on GitHub back in May.

Partition party, people

Apple partitioned the cache in Safari more than six years ago, with both Mozilla and Google planning to follow suit. Apple uses eTLD+1 to partition the cache, whereas Google is going with a slightly different architecture.

“The HTTP cache is currently one-per-profile, with a single namespace for all resources regardless of origin or renderer process,” Google explains in an intent to ship notice.

“This opens the browser to a side-channel attack where one site can detect if another site has loaded a resource by checking if it’s in the cache.

“This feature will partition the HTTP cache using top frame origin (and also possibly the subframe origin) to prevent documents from one origin from knowing if a resource from a cross-origin document load was cached or not,” it adds.

HTTP cache partitioning for Chrome will be offered for both the mobile and desktop versions of the browser software.

For users the change will offer privacy and security benefits, but there will be a trade-off for some web developers, Google warns.

“This is not a breaking change, but it will have performance considerations for some organizations,” Google said.

“For instance, those that serve large volumes of highly cacheable resources across many sites (e.g., fonts and popular scripts).”
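To make both sides of that trade-off concrete, the following is an added example (not code from the original article, Google or Apple) that models a browser HTTP cache twice: once keyed by URL alone, as Chrome's single per-profile namespace is described above, and once keyed by top-frame origin plus URL, as the intent-to-ship notice describes. The class and function names (`HttpCache`, `simulate`) and the site names are invented for the example; it keys on the top-frame origin only and ignores the subframe origin and eTLD+1 variants mentioned in the article.

```javascript
// Toy model of a browser HTTP cache, added to illustrate the partitioning
// described in the article. It is not Chrome's or WebKit's code; class and
// function names are invented for this example.
class HttpCache {
  constructor({ partitioned }) {
    this.partitioned = partitioned;   // false = one namespace per profile
    this.entries = new Map();         // cache key -> metadata
    this.networkFetches = 0;          // how often a miss went to the network
  }

  // Cache key. Shared cache: the URL alone. Partitioned cache: the URL
  // qualified by the top-frame origin that triggered the load (the article
  // notes Chrome may also fold in the subframe origin; omitted here).
  key(topFrameOrigin, url) {
    return this.partitioned ? `${topFrameOrigin} ${url}` : url;
  }

  // A document whose top frame is topFrameOrigin requests url.
  // Returns 'hit' if served from cache, 'miss' if it had to be fetched.
  load(topFrameOrigin, url) {
    const k = this.key(topFrameOrigin, url);
    if (this.entries.has(k)) return 'hit';
    this.networkFetches += 1;
    this.entries.set(k, { firstLoadedBy: topFrameOrigin });
    return 'miss';
  }

  // What a document at observerOrigin could infer from its own view of the
  // cache: whether url is already stored under the key that document would use.
  // In the shared cache this reflects loads made by every other site.
  isCachedFrom(observerOrigin, url) {
    return this.entries.has(this.key(observerOrigin, url));
  }
}

// Runs the two scenarios from the article against one cache configuration.
function simulate(partitioned) {
  const cache = new HttpCache({ partitioned });

  // Constructed scenario 1: the user visits bank.example, which loads its own
  // logo. A later page at other.example asks whether that logo is cached.
  cache.load('https://bank.example', 'https://bank.example/logo.png');
  const visitLeaked = cache.isCachedFrom('https://other.example', 'https://bank.example/logo.png');

  // Constructed scenario 2: three unrelated sites all embed the same CDN font
  // (the "highly cacheable resources across many sites" case).
  const fetchesBefore = cache.networkFetches;
  for (const origin of ['https://a.example', 'https://b.example', 'https://c.example']) {
    cache.load(origin, 'https://cdn.example/font.woff2');
  }
  const fontFetches = cache.networkFetches - fetchesBefore;

  return { partitioned, visitLeaked, fontFetches, networkFetches: cache.networkFetches };
}

console.log(simulate(false)); // shared cache: visitLeaked true, font fetched once
console.log(simulate(true));  // partitioned: visitLeaked false, font fetched three times
```

Run with `node`. With the shared cache, `other.example` sees the bank's logo already present and the CDN font is fetched once for all three sites; with the partitioned cache the cross-origin lookup misses, which is the privacy win, and the same font is fetched once per top-frame origin, which is the performance cost Google is warning about.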
