New FROST attack leverages SSD side-channel to reveal browsing activity

📅 29 May 2026 at 12:54 UTC📰 Cyber InsiderView original source ↗

Security researchers have demonstrated a new browser-based side-channel attack that can monitor user activity by measuring subtle timing variations in SSD access, allowing malicious websites to infer which sites users visit and which applications they launch. The attack, named FROST (Fingerprinting Remotely using OPFS-based SSD Timing), abuses the browser's Origin Private File System (OPFS) API, … The post New FROST attack leverages SSD side-channel to reveal browsing activity appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A new browser-based side-channel attack, FROST, leverages SSD timing variations to reveal user activity, including website visits and application launches, by abusing the Origin Private File System (OPFS) API in supported browsers.

⚙️Technical Details

Affected Systems

WindowsLinuxmacOS

Attack Vectors

Visiting an attacker-controlled websiteLeaving a tab open with malicious content

💥Impact Assessment

Severity: High

Who Is at Risk

Users of supported browsers, including Chrome, Firefox, and Safari, are at risk.

🛡️Recommended Actions

1Limit the size of OPFS storage

2Restrict access to high-resolution timers when OPFS is used

3Require explicit user permission before websites can access the OPFS feature

📦Affected Products

ChromeFirefoxSafari

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider ↗

← Back to feed