Shared Storage Return Times Outside of Worklet Appear to Be Dependent on Activity in Worklet

[anisenoff]

It appears that you can influence the return times of calls to the shared storage API outside of the worklet by making calls to the API from inside the worklet. Below are histograms of the return times (relative to page navigation) from repeatedly calling window.sharedStorage.set from outside of the worklet in three scenarios.

If you don’t have anything happening in the worklet the return times create the histogram below.

If you also constantly call window.sharedStorage.set from inside of the worklet you get the following histogram of return times.

If you repeatedly call window.sharedStorage.set for periods of two seconds and then do nothing for two seconds from inside of the worklet you get the following histogram.

By looking at the return times of the function calls outside of the worklet you can learn about what is happening inside the worklet which can be based on information that has been stored in shared storage.

For reference, these graphs were generated in Chrome version 121.

[menonasha]

Hi @anisenoff , thanks for the report! We can think through potential mitigations here such as making set return instantly, rate limiting the number of sets and get calls as a mitigation, or limiting the duration of the worklet. However similar to the response for issue #86, we'd like to note that while this particular side-channel could be mitigated, not all can and we potentially need to lean on after-the-fact analysis to detect these patterns and adapt over time.