Chromium site isolation bypass allows wide range of attacks on browsers


A flaw in the Chromium project allows attackers to bypass site isolation protection using popup windows and iframes, enabling a variety of harmful actions.

To prevent distinct websites in a browser from accessing each other’s data, site isolation separates each origin’s renderer into its own process. The technology also enables the browser to apply “process locks,” its term for assigning each renderer a unique origin.