Princeton researchers say they have found a security vulnerability in all standard browser design that could let Websites analyze the contents of a visitor’s “cache” of recent activities. Called a timing attack, it works by asking the browser if it has visited a list of Web sites and determining the answer by measuring the time needed for the browser to respond.
The technique opens up other new ways to extract information from browsers, though some analysts doubt that the attack presents a serious threat. Designers could create “cache cookies” which are stored in browsers without user permission. A number of different Websites could then cooperate to gather information about user behavior by accessing those cache cookies. There is no defense against this type of theoretical attack but the researchers say that future browsers can be designed to minimize risks associated with cache attacks.