Proceedings of the Usenix Security Symposium
Proceedings of the Usenix Security Symposium Year 2023 Peer-reviewed
BibTeX PDF
Web Security · Privacy

Pool-Party: Exploiting Browser Resource Pools for Web Tracking

Peter Snyder Soroush Karami Arthur Edelstein Benjamin Livshits Hamed Haddadi
2023
Publication year
USENIX Security
Venue
Peer-reviewed
Type
§ Abstract

Summary

Abstract We identify class of covert channels in browsers that are not mitigated by current defenses, which we call “pool-party” attacks. Pool-party attacks allow sites to create covert chan- nels by manipulating limited-but-unpartitioned resource pools. This class of attacks have been known to exist; in this work we show that they are more prevalent, more practical for exploita- tion, and allow exploitation in more ways, than previously identified. These covert channels have sufficient bandwidth to pass cookies and identifiers across site boundaries under prac- tical and real-world conditions. We identify pool-party attacks in all popular browsers, and show they are practical cross-site tracking techniques (

Cite this paper — BibTeX 
@InProceedings{snyder23pool-party,
  title = "Pool-Party: Exploiting Browser Resource Pools for Web Tracking",
  author = "Peter Snyder and Soroush Karami and Arthur Edelstein and Benjamin Livshits and Hamed Haddadi",
  year = "2023",
  month = aug,
  booktitle = "Proceedings of the Usenix Security Symposium",
}
Copied