English

Loophole: Timing Attacks on Shared Event Loops in Chrome

Cryptography and Security 2017-06-29 v2

Abstract

Event-driven programming (EDP) is the prevalent paradigm for graphical user interfaces, web clients, and it is rapidly gaining importance for server-side and network programming. Central components of EDP are {\em event loops}, which act as FIFO queues that are used by processes to store and dispatch messages received from other processes. In this paper we demonstrate that shared event loops are vulnerable to side-channel attacks, where a spy process monitors the loop usage pattern of other processes by enqueueing events and measuring the time it takes for them to be dispatched. Specifically, we exhibit attacks against the two central event loops in Google's Chrome web browser: that of the I/O thread of the host process, which multiplexes all network events and user actions, and that of the main thread of the renderer processes, which handles rendering and Javascript tasks. For each of these loops, we show how the usage pattern can be monitored with high resolution and low overhead, and how this can be abused for malicious purposes, such as web page identification, user behavior detection, and covert communication.

Keywords

Cite

@article{arxiv.1702.06764,
  title  = {Loophole: Timing Attacks on Shared Event Loops in Chrome},
  author = {Pepe Vila and Boris Köpf},
  journal= {arXiv preprint arXiv:1702.06764},
  year   = {2017}
}

Comments

Original publication in the Proceedings of the 26th Annual USENIX Security Symposium (USENIX Security 2017). https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/vila

R2 v1 2026-06-22T18:25:10.942Z