FROST Attack Uses SSD Timing to Spy on Your Browsing History

Researchers at Graz University of Technology have unveiled FROST, a new side-channel attack that lets any malicious website determine which sites you visit and which applications you open—using only JavaScript and the timing characteristics of your solid-state drive. Set to appear at DIMVA 2026, the technique requires no native code, no browser extension, and no permission prompt. Once a victim loads the attacker-controlled page, a background script monitors SSD contention while the tab sits idle, turning a once-local attack into a fully remote one.

The attack abuses the Origin Private File System (OPFS), a storage feature shipped in every major desktop browser since 2023. Because OPFS allocates each origin a sandboxed slice of the filesystem, it bypasses the standard permission dialog that would otherwise block file access. The researchers bypass the operating system's page cache by creating a file larger than the system's RAM—Chrome and Safari allow this to grow to 60% of total disk space—forcing repeated reads to hit the SSD directly. The script then reads random 4 kB chunks in a loop, sharpens its timer resolution by enabling cross-origin isolation, and uses performance.now() to log latency. When the user opens another site or app on the same drive, contention measurably shifts those timings, and a neural network classifies the activity. The F1 score reached 88.95% in closed-world tests against the top 50 websites on macOS, 86.95% in an open-world test with 300 additional sites, and 95.83% against ten pre-installed macOS applications. The same group previously demonstrated SnailLoad, which used network latency, and Secret Spilling Drive, which required Linux's io_uring interface. FROST eliminates that local-code requirement entirely.

For end users, the implications are significant. This is not a traditional exploit that patches away neatly—it is a privacy flaw baked into the way browsers handle storage. Users who want to gauge how much identifying information their browser already exposes can run a browser fingerprint test, and a broader privacy checkup can highlight other tracking surfaces. Until browser vendors revise OPFS limits, cache behavior, or timer precision to close the channel, the most effective mitigations include closing unused tabs, limiting the number of origins a site can spawn, and using dedicated user profiles for sensitive work. The attack currently works on both macOS and Linux desktops, and while Windows has not been formally tested, the underlying OPFS and SSD timing mechanics are universal.