1. Field
Embodiments generally relate to browsers, and particularly to web browser security.
2. Background Art
Multi-process web browsers can include a browser process and a plurality of renderer processes. Such web browsers may place privileged browser components, that are less likely to be exploited by malicious entities, in an unrestricted browser process. Less privileged components, that are more likely to be exploited by malicious entities, may be placed in ‘sandboxed’ or restricted renderer processes. In this approach, an attacker who gains control of (or exploits) a sandboxed renderer process, is limited by restrictions of the sandbox, making it difficult for the attacker to read or write files on a user's disk, etc. However, the attacker can still request content (e.g., HTML or XML documents) from web sites from within an exploited renderer process. This content can be requested with the user's session information (e.g., cookies) and credentials, so that it includes confidential user information. The attacker can then leak this confidential information to the attacker's own server by making additional network requests.