I found new vectors and techniques for the detection attack from my previous post. There is a cross browser way to detect does certain URL redirect to another URL and is destination URL equal to TRY_URL. Interestingly in webkit you can check a few millions of TRY_URLs per minute (brute force).
There were similar attacks: CSS-visited-links leaking, cross domain search timing but the vector I am going to describe looks more universal and dangerous.
read more.......http://homakov.blogspot.com/2013/03/pwning-your-privacy-in-all-browsers.html
There were similar attacks: CSS-visited-links leaking, cross domain search timing but the vector I am going to describe looks more universal and dangerous.
read more.......http://homakov.blogspot.com/2013/03/pwning-your-privacy-in-all-browsers.html