Tired of the privacy invasion of browsers? Worried about the risk of seeing ads everywhere? Give the Brave Browser a try. All Chrome extensions are compatible. None of the telemetry. Auto-blocks ads and still support content creators like me.

Remarkable. And dangerous (PDF).

Side channel analysis is a remarkably powerful class of cryptanalytic attack. It lets attackers extract secret information hidden inside a secure device by analyzing the physical signals (power, radiation, heat, etc.) the device emits as it performs a secure computation [15]. … The attack code itself, executes a Javascript-based cache attack, which allows it to track accesses to the DUT’s last-level cache (LLC) over time. Since this single cache is shared by all CPU cores and by all users, processes and protection rings, this information can provide the attacker with a detailed knowledge of the user and the system under attack.

The practical details and proof-of-concept are being withheld until all browsers have had a change to push an update and patch for this problem.

Using JavaScript to read data from the shared L3 CPU cache. Impressive.

The full research paper is available online: The Spy in the Sandbox – Practical Cache Attacks in Javascript.