Websites Can Now Track Your Apps Without Permission. Here's What to Know

What Happened and Why It Matters

Researchers discovered a new privacy attack that lets websites track everything you do on your computer without asking permission. Called FROST, this attack uses simple website code to monitor which apps you open and which sites you visit. Your computer's storage drive accidentally leaks this information through tiny timing patterns.

The Details: How This Attack Works

Here's what makes FROST concerning. When you visit a website, it can run JavaScript code in your browser. That's normal and happens constantly. But researchers found that this code can measure incredibly tiny delays in how fast your solid state drive (SSD) responds to requests.

Every time you open an app or visit a website, your computer reads files from your SSD. Different apps and sites create unique patterns of storage activity. FROST measures these patterns by timing how long certain operations take. Think of it like hearing footsteps in the apartment above you and knowing who's walking around based on their unique gait.

The scary part is that this happens silently. No permission prompts appear. No browser extensions are needed. No special access is required. A malicious website can simply run this JavaScript in the background while you browse, building a profile of your digital activity.

Who Is Affected

Anyone using a computer with an SSD is potentially vulnerable. That includes most laptops and desktops purchased in the last five years. The attack works across different browsers and operating systems, though some are more vulnerable than others.

Families should pay special attention if household members use shared computers. This attack could reveal which family member uses which apps, creating privacy concerns within your own home. Students, remote workers, and anyone handling sensitive information face heightened risks from this type of surveillance.

What You Should Do Right Now

1. Keep your browser updated. Browser makers are working on defenses against timing attacks. Install updates as soon as they're available, especially for Chrome, Firefox, Safari, and Edge.

The Bigger Picture

FROST represents a troubling trend in online privacy. Attackers are finding increasingly clever ways to extract information without triggering any warning signs. These attacks exploit fundamental features of how computers work, making them harder to defend against. Staying informed about emerging threats helps you make better decisions about your digital security. What seems like harmless browsing today could expose your private activities tomorrow.

How GetCyberRight Can Help

Our Cyber Threat Radar tool tracks emerging browser-based privacy threats like FROST in real time. You'll receive alerts when new attack techniques are discovered, along with clear guidance on protecting your family. We translate complex security research into practical steps you can take right away. Think of it as having a cybersecurity expert watching your back, so you can focus on what matters most.