Name: Spectroscope in Chrome with OffiDocs
Brand: OffiDocs
SKU: 612a65423164e4d591739fd46caa0d54
Availability: OnlineOnly
Rating: 4.20 (2847 reviews)

Spectroscope screen for extension Chrome web store in OffiDocs Chromium

Run with Chromium online

Spectroscope from Chrome web store to be run with OffiDocs Chromium online

DESCRIPTION

Spectroscope is a prototype extension for security engineers and web developers to help track down application resources which aren't protected from being embedded by other websites.

Such resources can, in some cases, be exfiltrated by malicious sites making use of CPU-level information leaks on users' devices, such as the Spectre vulnerability.

The tool identifies resources which are exempt from default protections enabled in Google Chrome (Cross-Origin Read Blocking, SameSite cookies) and which can be embedded cross-site.

The results are added to Chrome's DevTools "Spectroscope" panel and include security recommendations to help protect your resources from Spectre and other cross-site attacks.

Note: This is a prototype extension which is meant to be used only as a convenience tool to help you protect your site; it is not an official Google product.

Testing your site with Spectroscope is not a substitute for careful deployment of recommended web security features.

See https://w3c.

github.

io/webappsec-post-spectre-webdev/ for a complete list of best practices.

Authors (alphabetically): Roberto Clapis, Santiago Diaz, Aleksandr Dobkin, David Dworken, Artur Janc, Aaron Shim, Lukas Weichselbaum

Additional Information:

- Offered by Lukas Weichselbaum
- Average rating : 5 stars (loved it)
- Developer This email address is being protected from spambots. You need JavaScript enabled to view it.

Spectroscope web extension integrated with the OffiDocs Chromium online