FROST attack uses browser storage timing to fingerprint open sites and apps
Researchers describe FROST, a browser-based side-channel that measures SSD access latency via the origin private file system (OPFS) to infer which sites a user has open and which apps are running, enabling cross-site fingerprinting with no user interaction. The attack relies on large OPFS files and reads from the same SSD, limiting scale and making detection likely; mitigations include capping OPFS size or other browser changes. The work was demonstrated on macOS and is slated for presentation at the DIMVA conference.