A web browser is made of several moving parts, and each part works together to offer the user experience we are looking for. A browsers database is one such part and is responsible for storing data locally on a machine to offer a personalised and faster browsing experience.
This database is responsible for storing cookies and other identifiers like login credentials websites need for their proper functionality. It also has a cache memory responsible for storing website assets that load websites faster, improving the user experience.
In this article, we will be talking about cache partitioning technologies and the privacy threats they pose.
What is Caching?
Every website you visit is composed of several images and fonts. These images and fonts need to be loaded from different servers, and network requests are required to access this data.
Each network request your browser makes increases the load time of the website. To decrease this overhead, developers came up with the concept of caching, which stores assets on the local machine to reduce page load times. A different website can access these assets without making a network request to their servers, improving the browsing experience.
If you visit multiple pages on a website, the browser caches the company logo or other assets required on every website page. This reduces the website’s rendering time as the browser does not have to request those resources again as they are available on the system itself.
Caching is also used to store font libraries and other framework libraries like jquery from content delivery networks required to render pages correctly. Caching of these libraries helps websites load faster as most of the websites use similar libraries, and if the library is in the system, the browser does not have to request the resources again.
Security vulnerabilities of caching
Although caching comes with many advantages, it causes several security vulnerabilities that can be used for cross-site tracking and search attacks. A brief overview of these vulnerabilities is given below
- User browsing history tracking: Any adversary can track a user’s browsing history by looking at the data stored in the browser’s cache. By looking at the cache items, the adversary can make an educated guess of the user’s browsing habits.
- Cross-site tracking: The cache can be used to store cookie-like identifiers that can be used by third-party advertising companies for cross-site tracking.
- Side-channel attacks: If data is cached in your browser then requests will be processed faster and an attacker can use the variation in response time to expose personal information.
Cache partitioning explained
As the name suggests, cache partitioning divides the browser cache into multiple sections so that only a particular website can access the cached resources. This prevents other sites for accessing the data stored in the cache memory, protecting user data.
To perform this task, Chrome uses network key isolation, which creates a unique key for the browser’s cache’s resources. This isolation technique uses top-level site data and current iframe information to create a unique identifier that prevents other websites from accessing the cache’s information.
Although cache partitioning offers a lot of security compared to the monolithic caching approach, it has some flaws.
- Slower rendering of webpages: As different webpages cannot use the libraries stored in the cache, multiple requests have to be made to get them. This increases the time a website takes to load if libraries are not stored on the website’s server and are dependent on a content delivery network. Google fonts also took a performance hit due to cache partitioning, and it’s a better idea to host your fonts rather than getting them from a content delivery network.
- Privacy issues: As different websites cannot use the libraries stored locally on your system, every time you visit a website which uses a hosted library the browser sends a network request to CDN servers to get the resources. This gives your IP information and other sensitive data to the CDN servers every time you request a library.
To protect yourself from cache partitioning demerits, you can use extensions that create a local CDN emulation on your system, serving the libraries locally or you can also use an alternative to Chrome.