pool party WebSocket attack
Hi! At Brave we have been investigating a side-channel cross-site tracking attack that is a common privacy issue for many browsers. In short, some global resource pools can be abused to send short messages between different websites. In Tor Browser (and Firefox) we were able to show that the WebSocket resource pool, which has a maximum size of 200, can be successfully used to send a 35-bit cross-site messages in 7 seconds. (A Web Worker pool attack also works in Firefox, but I wasn't able to get it to work in Tor Browser for unclear reasons.)
Brave's approach to protecting against pool party attacks is to partition the resource pool by eTLD+1. Full details are in the draft paper: https://arxiv.org/pdf/2112.06324.pdf. We also reported this bug at Firefox here: https://bugzilla.mozilla.org/show_bug.cgi?id=1730797
Of course I'll be very happy to discuss the attack and mitigations.