Google has unveiled the ‘XS-Leaks wiki’, an open knowledge base. To improve the state of web security, the company invited all members of the security community to participate in it. The wiki is intended as a platform where researchers can share information about new attacks and defenses.
To defend against cross-site leaks
The web is an ecosystem built on openness and composability. Although it powers thousands of services created and maintained by engineers at Google, the web’s open design also allows unrelated applications to sometimes interact with each other in ways that may undermine the platform’s security guarantees.
As security issues in modern web applications increase, unsavory sites can reveal information about the user or their data in other web applications. Google explained the class of issues, saying,
“This class of issues, broadly referred to as cross-site leaks (XS-Leaks), poses interesting challenges for security engineers and web browser developers due to a diversity of attacks and the complexity of building comprehensive defenses.”
The details of each cross-site leak in the wiki
Google aims to work with the security community on expanding the XS-Leaks wiki with information about new offensive and defensive techniques. Further, the wiki is meant to help web developers understand the defense mechanisms offered by web browsers that can comprehensively protect their web applications from various kinds of cross-site leaks.
“Available at xsleaks.dev (code on GitHub), the wiki explains the principles behind cross-site leaks, discusses common attacks, and proposes defense mechanisms aimed at mitigating these attacks. The wiki is composed of smaller articles that showcase the details of each cross-site leak, their implications, proof-of-concept code to help demonstrate the issue, and effective defenses,” explained Google.