- From: Andrew Sutherland <notifications@github.com>
- Date: Thu, 06 Nov 2025 18:04:16 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 7 November 2025 02:04:20 UTC
asutherland left a comment (w3c/ServiceWorker#1798)

Can you describe the attack's configuration in more detail as it relates to the browsing contexts and where the malicious page and its ServiceWorker sit in this? Specifically, it seems like if the malicious page is the top-level browsing context and the browser is partitioning, then any fetches made by the (first-party) ServiceWorker will themselves be partitioned with the malicious site as the partition key, so the only way any entropy could be extracted is if the malicious page convinces the user to log into the site in an iframe (thereby having the partition key).

--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1798#issuecomment-3500155018
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/ServiceWorker/issues/1798/3500155018@github.com>