Spook: Side channel attack which could read the memory from password managers

Js is a new transient execution side channel attack which targets the Chrome web browser. More specifically, we show that an attacker-controlled webpage can know which other pages from the same websites a user is currently browsing, retrieve sensitive information from these pages, and even recover login credentials when they are autofilled. We further demonstrate that the attacker can retrieve data from Chrome extensions if a user installs a malicous extension. Js on a Tumblr blog, targeting a password that was autofilled into Tumblr's login page by Chrome's built-in credential manager. We show that our blog can be rendered by the same Chrome process as the login page, and that Spook. We show that under certain conditions, multiple extensions may be consolidated and executed from the same process. We take advantage of this behavior to read the memory of the LastPass credential manager extension, and recover the master password of the target's vault.