How to protect JavaScript-Based CPU Side-Channel Attacks on Chrome

A Chrome extension called Chrome Zero can block side-channel attacks that use JavaScript code to leak data. The extension is currently available only on GitHub.

Researchers have created the extension to protect JavaScript functions, objects, and properties. The extension basically rewrites to protect JavaScript functions that are used by malware to leak CPU and memory data. Experts claim that the extension is capable of blocking 11 side-channel attacks that are performed via JavaScript code in the browser.

How to install

Chrome Zero has not made it to the Chrome Store yet. Here are the steps to install the extension on your computer:

Download the source code from GitHub
Going to Chrome's extensions management page (chrome://extensions)
Enabling "Developer Mode”
Click on "Load Unpacked”
Select the folder "/chromezero" from inside the extension's source code.

Once the extension is successfully installed, you can select the desired protection level. Researchers that have developed the extension are the same people behind JavaScript-version of Rowhammer attack.

Performance impact

Since the extension rewrites to secure the JavaScript functions, it is likely to have performance impacts. Experts said that despite the intrusive behavior, Chrome Zero shows the impact of only 1.54% on resource usage. The indiscernible page loading latency ranges between 0.01064s and 0.08908s.

The extension is capable of blocking 50% of Chrome zero-days detected in the real world. According to the researchers, Chrome Zero is able to thwart future and unknown Chrome zero-days.

Source: techgig.com