HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Researchers Reveal FROST: Browser‑Based SSD Timing Attack Enables Websites to Spy on User Activity

A new side‑channel technique called FROST lets any website infer which applications and sites a user has open by measuring SSD contention through the browser’s OPFS storage API. The attack runs purely in JavaScript, requiring no malware or extensions, and poses a privacy risk for enterprises that rely on web‑based SaaS tools.

LiveThreat™ Intelligence · 📅 May 29, 2026· 📰 helpnetsecurity.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
helpnetsecurity.com

Researchers Reveal FROST: Browser‑Based SSD Timing Attack Enables Websites to Spy on User Activity

What Happened – Researchers have demonstrated “FROST” (Fingerprinting Remotely using OPFS‑based SSD Timing), a side‑channel attack that lets a website infer which applications and sites are active on a visitor’s machine by measuring SSD contention through the browser’s Origin Private File System (OPFS). The attack runs entirely in JavaScript; no malware, extensions, or elevated privileges are required.

Why It Matters for TPRM

  • Reveals a new privacy‑risk vector that can expose proprietary SaaS usage patterns of your customers.
  • Highlights the need to reassess browser‑based security controls in third‑party risk assessments.
  • May affect compliance regimes that require strict data‑handling guarantees for end‑user devices.

Who Is Affected – Technology/SaaS providers, enterprises using web‑based productivity suites, cloud‑hosted applications, and any organization whose users access critical services via modern browsers.

Recommended Actions – Review vendor security questionnaires for browser hardening measures, validate that OPFS usage is monitored and limited, consider deploying browser isolation or content‑security policies, and stay informed of upcoming browser patches addressing OPFS side‑channel mitigations.

Technical Notes – FROST exploits timing differences caused by SSD contention when multiple processes access storage. It leverages OPFS, a sandboxed file system introduced in Chromium‑based browsers, to perform high‑resolution timing measurements from JavaScript. No known CVE yet; mitigation includes limiting OPFS file size, monitoring disk usage, and applying browser‑level throttling of storage APIs. Source: Help Net Security

📰 Original Source
https://www.helpnetsecurity.com/2026/05/29/website-tracking-ssd-activity-research/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

A privacy incident is a question about your consent record.

CookiePLUS and Verisq AI Trust Operations keep consent, DSAR, and data-handling evidence continuously ready — so a data-exposure event finds you prepared, not scrambling.

See how Verisq AI Trust Operations handles privacy →