Shared Storage Return Times Outside of Worklet Appear to Be Dependent on Activity in Worklet #136
Comments
|
Hi @anisenoff , thanks for the report! We can think through potential mitigations here such as making set return instantly, rate limiting the number of sets and get calls as a mitigation, or limiting the duration of the worklet. However similar to the response for issue #86, we'd like to note that while this particular side-channel could be mitigated, not all can and we potentially need to lean on after-the-fact analysis to detect these patterns and adapt over time. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It appears that you can influence the return times of calls to the shared storage API outside of the worklet by making calls to the API from inside the worklet. Below are histograms of the return times (relative to page navigation) from repeatedly calling
window.sharedStorage.setfrom outside of the worklet in three scenarios.If you don’t have anything happening in the worklet the return times create the histogram below.
If you also constantly call
window.sharedStorage.setfrom inside of the worklet you get the following histogram of return times.If you repeatedly call
window.sharedStorage.setfor periods of two seconds and then do nothing for two seconds from inside of the worklet you get the following histogram.By looking at the return times of the function calls outside of the worklet you can learn about what is happening inside the worklet which can be based on information that has been stored in shared storage.
For reference, these graphs were generated in Chrome version 121.
The text was updated successfully, but these errors were encountered: