Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore the security implications of HTTP/2 server push and signed HTTP exchange (SXG) on the Same-Origin Policy in this 25-minute Black Hat conference talk. Discover how these modern web technologies undermine traditional SOP protections by introducing a more permissive HTTP/2 authority system based on SubjectAlternativeName (SAN) lists in TLS certificates, rather than the strict URI-based origin model. Learn about the significant security risks posed by shared certificates among unrelated domains and how attackers can exploit these vulnerabilities to bypass SOP protections. Examine two novel attack vectors - CrossPUSH and CrossSXG - that enable off-path attackers to execute cross-origin web attacks including arbitrary cross-site scripting (XSS), cookie manipulation, and malicious file downloads across all domains listed in shared certificates. Understand the practical implications through research findings that reveal vulnerabilities in widely-used browsers like Chrome and Edge, as well as major websites including Microsoft. Gain insights from the responsible disclosure process and acknowledgments received from major vendors including Huawei, Baidu, and Microsoft, presented by cybersecurity researchers from Tsinghua University.
