Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
This POC shows how browser crashes could potentially be detected.
node ./server.js
The idea was to check if the page becomes unresponsive or is very close to hitting memory limits and report it over HTTP to persisted storage.
The tab may be near crash when:
window.performance.memory
I wasn't able to get reliable, consistent results with this approach
The idea is to track active tabs and last active pings + stop tracking when tab closes correctly. Based on that info if the tab stopped sending pings + it was not closed correctly we assume it's frozen or crashed.
Detection would consist of following components:
In the POC following approaches were considered:
Choice: IndexedDB
Choice: setInterval inside a service/web worker
Choice: Save inside a web worker
A caveat is that Firefox doesn't kill the web worker immediately when tab crashes. This could lead to scenario when the detector thinks that the tab is still alive. At the same time we need to track the time tab was last active. To mitigate it we can keep both: last time the tab was active (for reporting) and last time the worker was active (to detect crashes).
Choice: Use shared web worker. In theory it should work with a service worker as well though based on experiments service worker may be killed when tab crashes, while shared web workers seems to keep running.
sequenceDiagram
autonumber
ClientController->>ClientWorker: Start
loop Update Loop
ClientWorker-->+ClientWorker: setInterval(..., 1000)
ClientWorker-->>ClientController: ping
ClientController->>ClientWorker: on ping from worker: post update { id, url, memory, ... }
ClientWorker->>IndexedDb: put { id, url, memory, tabLastActive, ... }
end
loop Activity Loop
ClientWorker-->+ClientWorker: setInterval(..., 1000)
ClientWorker->>IndexedDb: put { workerLastActive, ... }
end
ClientController->>ClientWorker: Stop
ClientWorker->>IndexedDb: delete { id }
A separate process check for stale tabs and reports back to the backend. It connects to the same IndexedDB
sequenceDiagram
autonumber
Detector->>+Detector: setInterval(..., 1000)
Detector->>IndexedDb: get all tabs
Detector->>Detector: check if workerLastActive > 3 seconds
Detector->>-Backend: /crash-report { id, url, memory, tabLastActive ... }
workerLastActive timestamp is used to detect actual crash of a tab and tabLastActive is used for reporting. They may be out of step in Firefox which keeps the worked active after the tab crashes OR when thread on the tab is paused due to debugging (web worker will keep running)
FAQs
This POC shows how browser crashes could potentially be detected.
We found that crashme demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.