Maybe you’ve heard it before - HTML 5 and related technologies bring a whole slew of new features to web browsers, some of which can be a threat to security and privacy. But subtle interactions between the less explored corners of new browser features can have some unexpected and dangerous side effects.
In this presentation, I’ll introduce a number of new techniques that use JavaScript-based timing attacks to extract sensitive data from your browser. In my talk I will demonstrate cross-browser vulnerabilities against Chrome, Internet Explorer and Firefox that can be used to access your browsing history and read data from websites you’re logged into. I’ll also take a look at the difficulties involved in fixing these types of vulnerabilities.