JavaScript can reveal which applications and websites a user opens via SSD-timing side channels without requiring system privileges or browser extensions.
FROST exploits disk latency measurements via the OPFS API and machine learning to remotely identify user tabs and programs, fundamentally compromising browsers’ security model.