USENIX'23 Artifact: Isolated and Exhausted: Attacking Operating Systems via Site Isolation in the Browser

Site Isolation, a security feature recently introduced to major browsers enables attacks on modern operating systems. To demonstrate the impact of Site Isolation attacks on web users we implemented a Site Isolation fork-bomb and a DNS Cache Poisoning Attack: DNS Poisoning by Exhaustive Misappropriation of Network Sockets (DEMONS). Setup instructions, configurations, and the implementation of both attacks are part of our publicly available research artifacts. While DEMONS was assigned CVE-2020-6557 and patched by the Chromium Team, the fork-bomb is still a threat to current browsers. We describe a way to mitigate the Site Isolation fork-bomb in Chromium-based browsers without measurable performance penalty and include both the patch and our performance measurement results in this set of artifacts.