[Webkit-unassigned] [Bug 210776] New: sessionStorage is not isolated by site
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Apr 20 17:48:29 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=210776
Bug ID: 210776
Summary: sessionStorage is not isolated by site
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: senglehardt at mozilla.com
window.sessionStorage is not isolated by the top-level site, and thus is a cross-site tracking vector.
Example:
1. A user visits example.com which embeds tracker.example
2. tracker.example checks window.sessionStorage. If empty it reads an ID from persistent, site-isolated storage (e.g., localStorage) and writes it to sessionStorage.
3. The user visits news.example, which also embeds tracker.example.
4. tracker.example checks window.sessionStorage, sees the unique ID, and writes it out to persistent site-isolated storage under news.example.
5. Repeat as the user browsers the web.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200421/0f7da854/attachment-0001.htm>
More information about the webkit-unassigned
mailing list