FROST Attack: How Websites Can Spy on Your SSD Activity Through the Browser (2026 Research)


Researchers have demonstrated a browser-based side-channel attack called FROST that can fingerprint a device's SSD activity from JavaScript alone. By exploiting the Origin Private File System (OPFS) API available in modern browsers, a malicious website measures SSD timing contention to infer which websites are open in other tabs and which applications are running on the device, without any user interaction or permission prompt.


What Is the FROST Attack?

FROST stands for “Fingerprinting Remotely Using OPFS-based SSD Timing.” It is a contention-based side-channel attack that allows a website to extract information about a user’s device activity by measuring how different processes compete for the same SSD resources — directly from JavaScript running in a browser tab.

Unlike traditional browser fingerprinting techniques that rely on canvas rendering, WebGL capabilities, or installed font lists, FROST does not query browser state at all: it measures contention on storage hardware that every process on the machine shares. It can detect which other websites are open (even in different browsers) and which applications are running on the host operating system, which places it in a different category from conventional fingerprinting.

How Browser-Based SSD Fingerprinting Works

The attack exploits a contention side channel — a timing difference that occurs when multiple processes attempt to access the same storage device simultaneously. Here’s the step-by-step mechanism:

  1. OPFS file creation: The attacking website creates a file in the browser’s Origin Private File System. This requires no user interaction and no permissions — OPFS is available to any website by default.
  2. Large file generation: The site writes a large file (typically 1 GB or more) to OPFS. The size is critical — larger files create more measurable contention patterns.
  3. Continuous random reads: Using JavaScript, the site continuously performs random read operations on the OPFS file and records the latency of each one. Browsers deliberately coarsen performance.now(), so no single read is precise; the information is in the aggregate series of many reads.
  4. Contention measurement: When other processes on the same SSD perform I/O operations, they create measurable latency spikes in the attacker’s read operations. These timing variations form a unique “fingerprint” of concurrent activity.
  5. CNN classification: A pretrained convolutional neural network analyzes the timing traces to classify what’s happening on the device — which websites are open, which applications are running.

The key insight: even though OPFS is sandboxed per-origin, the underlying SSD hardware is shared. The timing differences caused by this hardware sharing leak information across security boundaries.
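To make the five steps concrete, here is the measurement primitive they describe, written as browser JavaScript. This is an added illustration, not the researchers' code: the file name, block sizes, sample counts, window size and spike threshold are assumptions, and the CNN classification stage is not included. The OPFS calls only work inside a dedicated Web Worker, because that is the only context in which FileSystemSyncAccessHandle exists; the trace-analysis function is plain JavaScript and runs anywhere.

```javascript
// Added example (not the FROST authors' code): the OPFS timing primitive
// from the steps above, plus a pure trace-analysis helper. The OPFS part
// only runs inside a dedicated Web Worker, because
// FileSystemSyncAccessHandle is exposed nowhere else; the analysis helper
// is plain JavaScript. File name, sizes, sample counts, window size and
// spike threshold are assumptions; the CNN classifier is not included.

const FILE_NAME = "probe.bin";       // assumed name of the probe file
const FILE_SIZE = 1 << 30;           // 1 GiB, the size the text describes
const WRITE_BLOCK = 1 << 24;         // 16 MiB per write() call (assumed)
const READ_SIZE = 4096;              // bytes read per probe (assumed)

// Steps 1 and 2: create the probe file in the origin's OPFS and fill it.
// Random content is used so reads cannot be satisfied by a deduplicated
// or compressed block (assumption about SSD behaviour).
async function createProbeFile(sizeBytes = FILE_SIZE) {
  const root = await navigator.storage.getDirectory();
  const fileHandle = await root.getFileHandle(FILE_NAME, { create: true });
  const handle = await fileHandle.createSyncAccessHandle();
  const block = new Uint8Array(WRITE_BLOCK);
  // crypto.getRandomValues refuses requests above 65536 bytes, so fill in slices.
  for (let off = 0; off < block.length; off += 65536) {
    crypto.getRandomValues(block.subarray(off, off + 65536));
  }
  for (let off = 0; off < sizeBytes; off += WRITE_BLOCK) {
    handle.write(block, { at: off });
  }
  handle.flush();
  return handle;
}

// Step 3: time `count` random reads. performance.now() is coarsened by
// browsers, so any single latency is noisy; the signal is in the series.
function sampleReadLatencies(handle, sizeBytes, count) {
  const buf = new Uint8Array(READ_SIZE);
  const slots = Math.floor(sizeBytes / READ_SIZE);
  const trace = new Array(count);
  for (let i = 0; i < count; i++) {
    const at = Math.floor(Math.random() * slots) * READ_SIZE;
    const t0 = performance.now();
    handle.read(buf, { at });
    trace[i] = performance.now() - t0;
  }
  return trace;
}

// Step 4: reduce a latency trace to a contention signal. Samples are
// grouped into fixed windows; a window whose mean latency exceeds the
// median window by `spikeFactor` is reported as a contention spike.
// Pure function, so it can be tested with a constructed trace.
function contentionWindows(trace, windowSize, spikeFactor = 3) {
  const means = [];
  for (let i = 0; i + windowSize <= trace.length; i += windowSize) {
    let sum = 0;
    for (let j = i; j < i + windowSize; j++) sum += trace[j];
    means.push(sum / windowSize);
  }
  if (means.length === 0) return { means, baseline: 0, spikes: [] };
  const sorted = [...means].sort((a, b) => a - b);
  const baseline = sorted[Math.floor(sorted.length / 2)];
  const spikes = [];
  means.forEach((m, idx) => {
    if (m > baseline * spikeFactor) spikes.push(idx);
  });
  return { means, baseline, spikes };
}

// Orchestrates steps 1 to 4 inside a worker and returns the spike windows.
async function runProbe(samples = 20000, windowSize = 200) {
  const handle = await createProbeFile();
  try {
    const trace = sampleReadLatencies(handle, FILE_SIZE, samples);
    return contentionWindows(trace, windowSize);
  } finally {
    handle.close();
  }
}

// Only start measuring when loaded as a dedicated worker (for example via
// `new Worker("probe.js")`); in Node or a page script this is skipped.
if (typeof WorkerGlobalScope !== "undefined" && typeof postMessage === "function") {
  runProbe().then((result) => postMessage(result));
}
```

Loaded as a worker from a page on the attacking origin, the script posts back the indexes of windows in which read latency spiked, which is the raw signal a classifier would consume. Nothing here identifies what caused a spike; that is the job of the trained model in step 5, and the window size and spike factor above are placeholders rather than values from the paper.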

The OPFS API: A New Attack Surface

The Origin Private File System (OPFS) is a relatively new web API that gives each origin a private storage area. Unlike the older browser storage APIs (localStorage, IndexedDB), OPFS exposes a file-oriented interface, including synchronous, byte-addressed reads and writes from a dedicated worker through FileSystemSyncAccessHandle, with significantly better performance. It is not access to the user's real file system; the files live in a sandboxed area the browser manages. It was designed for applications that need to handle large files efficiently, such as video editors, image processors, and database engines running in the browser.

However, FROST demonstrates that OPFS’s performance characteristics — specifically the ability to perform high-frequency random reads with precise timing — create an unintended side channel. The API was never designed with SSD contention attacks in mind.

What Attackers Can Detect

The FROST research demonstrated several detection capabilities:

Detection target                       Accuracy          Platform
Websites open in other tabs            High              macOS (demonstrated)
Websites open in other browsers        High              macOS (demonstrated)
Running applications                   Moderate to high  macOS (demonstrated)
SSD I/O patterns (timing primitive)    High              macOS and Linux (confirmed)

The ability to detect websites open in other browsers is particularly significant. A Firefox user could be fingerprinted by a website they visit in Chrome, and vice versa; separate browsers, profiles, or private windows offer no protection, because the contention occurs in the storage stack below the browser.

The Research: Who Discovered FROST

FROST was developed by Hannes Weissteiner and co-authors. The full research paper is available at hannesweissteiner.com and is scheduled to be presented at the DIMVA (Detection of Intrusions and Malware & Vulnerability Analysis) conference in July 2026.

The research represents a collaboration between security researchers exploring the boundaries of browser-based attacks. Their work builds on previous SSD contention side-channel research but is the first to demonstrate the attack entirely from JavaScript in a browser, without requiring any native code or elevated privileges.

Platform-Specific Results

macOS (M2 Mac)

The full FROST attack was demonstrated end to end on an M2 Mac. The researchers used JavaScript-based SSD timing measurements and a CNN classifier to identify open websites and running applications with high accuracy; all of the classification results in the table above come from this platform.

Linux

On Linux, the researchers confirmed that the underlying timing primitive works — meaning the JavaScript code can successfully measure SSD access latency differences from a browser tab. However, they did not run the complete classification attack on Linux. Weissteiner noted that “the performance of the primitive is similar between macOS and Linux,” suggesting the full attack would likely succeed on Linux as well.

Windows

Windows was not tested by the researchers. However, given that Windows uses the same OPFS API and similar SSD hardware, the attack is theoretically possible. Further research is needed to confirm Windows-specific behavior.

Limitations and Detection Opportunities

FROST is not a perfect attack. Several factors limit its practical impact:

  • Large file requirement: The OPFS file must be extremely large (1 GB or more) to produce measurable contention patterns. This creates a detectable footprint — users who notice a website creating gigabytes of local storage may investigate.
  • Same SSD requirement: The attack only works when the OPFS file and the target activity reside on the same physical SSD. If applications or browsers use separate drives, the contention channel doesn’t exist.
  • Noise sensitivity: Background I/O from the operating system, other applications, and system processes can interfere with timing measurements, potentially reducing accuracy.
  • Time requirement: The attack requires sustained measurement over a period of time to collect enough data for reliable classification.
  • No known real-world exploitation: As of publication, there are no confirmed cases of FROST being used in the wild. The research is currently academic.

How to Protect Yourself from FROST Attacks

While FROST is not currently exploited in the wild, proactive protection is advisable:

  1. Monitor OPFS storage: Periodically check which websites hold large amounts of site data. In Chrome, chrome://settings/content/all lists every site together with the storage it uses, and the Application panel in DevTools breaks usage down by storage type for the current origin. In Firefox, open about:preferences#privacy, then Cookies and Site Data, then Manage Data.
  2. Close unrecognized tabs: The measurement only runs while the attacking page (or its worker) is loaded, so closing pages you do not recognize ends it. Fewer open tabs is good practice regardless of FROST.
  3. Use separate drives: If you run sensitive applications, consider using a different physical SSD than your browser's default storage location.
  4. Browser extensions: Use extensions that surface per-site storage usage, so that an origin suddenly holding a gigabyte of data stands out, and clear site data for origins you do not recognize.
  5. Request browser vendor action: The researchers suggest that browser vendors could limit maximum OPFS file sizes as a countermeasure. This would reduce the contention signal without breaking legitimate OPFS use cases.
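The settings pages above show totals per site but not which OPFS files an origin holds. As an added check (not from the page or the researchers), the following script can be pasted into the DevTools console while a suspicious site is open: it walks that origin's OPFS, records every file's size, and flags files above a threshold or files it cannot read because a worker holds an exclusive access handle on them, which is the state a running probe would be in. The 256 MiB threshold and the output shape are assumptions; only the pure flagging helper runs outside a browser.

```javascript
// Added example (not from the page or the researchers): audit the
// current origin's OPFS from the browser DevTools console. The size
// threshold and the output shape are assumptions.

const LARGE_FILE_BYTES = 256 * 1024 * 1024; // assumed: 256 MiB is large for a typical site

// Sort key: a locked/unreadable file (size null) is ranked above any size.
function rankKey(entry) {
  return entry.size === null ? Number.MAX_SAFE_INTEGER : entry.size;
}

// Pure helper: pick out entries worth a second look, largest first.
// size === null means getFile() failed, typically because a worker holds
// an exclusive sync access handle on that file; flag it too.
function flagSuspiciousEntries(entries, threshold = LARGE_FILE_BYTES) {
  return entries
    .filter((e) => e.size === null || e.size >= threshold)
    .sort((a, b) => rankKey(b) - rankKey(a));
}

// Walk an OPFS directory recursively, recording path and size of each file.
async function listOpfs(dir, prefix = "") {
  const out = [];
  for await (const [name, handle] of dir.entries()) {
    const path = prefix + name;
    if (handle.kind === "directory") {
      out.push(...(await listOpfs(handle, path + "/")));
      continue;
    }
    try {
      const file = await handle.getFile();
      out.push({ path, size: file.size });
    } catch (err) {
      // Locked by a sync access handle elsewhere, or otherwise unreadable.
      out.push({ path, size: null, error: err.name });
    }
  }
  return out;
}

// Run from the DevTools console on the site in question. Returns the full
// listing, the flagged entries and the browser's own usage estimate.
async function auditOpfs() {
  const root = await navigator.storage.getDirectory();
  const entries = await listOpfs(root);
  const estimate = await navigator.storage.estimate();
  return {
    entries,
    flagged: flagSuspiciousEntries(entries),
    usageBytes: estimate.usage,
    quotaBytes: estimate.quota,
  };
}

// Delete one top-level OPFS entry (file or directory) for this origin once
// you have decided it is unwanted. This is irreversible for that data.
async function removeOpfsEntry(topLevelName) {
  const root = await navigator.storage.getDirectory();
  await root.removeEntry(topLevelName, { recursive: true });
}
```

Typical use is `await auditOpfs()` in the console, then `await removeOpfsEntry("probe.bin")` (or whatever name appears in `flagged`) for anything you do not recognize. A site can still recreate the file on its next visit, so the durable fix is to clear and restrict site data for that origin, not just delete one file.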

The Future of Browser-Based Side-Channel Attacks

FROST opens an entirely new category of browser-based attacks: hardware-level observation through web APIs. Previous browser fingerprinting techniques were limited to software-level information. FROST demonstrates that the browser’s increasing access to powerful native APIs — designed for performance and capability — creates unintended security consequences.

This is a pattern we’ve seen before:

  • Spectre/Meltdown showed that CPU speculation could leak data across process boundaries
  • Cache timing attacks demonstrated that shared CPU caches could be weaponized
  • FROST shows that shared SSD resources can be exploited from JavaScript

As browsers continue to add APIs that provide closer-to-hardware access (WebGPU, WebAssembly SIMD, Web Neural Network API), the attack surface for side-channel attacks will only grow. The security community needs to evaluate these APIs through a side-channel lens before they become widely deployed.

Frequently Asked Questions

Is FROST being used in the wild right now?

No. As of May 2026, FROST is an academic research project with no confirmed real-world exploitation. The research will be presented at the DIMVA conference in July 2026.

Do I need to be worried about FROST?

For most users, the immediate risk is low. The attack requires large OPFS files (detectable), same-SSD access, and sustained measurement. However, high-value targets (journalists, activists, executives) should be aware of this capability and take proactive precautions.

Can antivirus software detect FROST?

Traditional antivirus software is unlikely to detect FROST because the attack runs entirely within the browser using legitimate JavaScript APIs. There is no malware to detect — the attack is a side-channel exploitation of normal browser functionality.

Does using a VPN protect against FROST?

No. FROST operates at the local hardware level, measuring SSD contention on your physical device. A VPN protects your network traffic but has no effect on local side-channel attacks.

Which browsers are affected?

Any browser that supports the OPFS (Origin Private File System) API is potentially affected. This includes Chrome, Edge, Firefox, Safari, and Opera. The attack relies on the OPFS API’s ability to perform high-frequency file I/O with precise timing, which is a fundamental characteristic of the API rather than a browser-specific bug.

Critical Takeaway on FROST Attack

FROST shows that an ordinary web page can observe activity on the shared SSD from JavaScript, without permissions, and that the leak crosses tab, browser, and process boundaries. As of publication there is no known real-world exploitation, and the attack needs a gigabyte-scale OPFS file, a shared drive, and sustained measurement. The practical steps today are to review per-site storage for unexpectedly large OPFS usage, close pages you do not recognize, keep sensitive workloads on a separate physical drive where feasible, and press browser vendors to cap OPFS file sizes or otherwise degrade the contention signal.

