My perspective is this. It’s being framed with the same level of boogedy boogedy a previous headlines like “Hackers capture passwords by listening to individual keypress sounds”.

No practical fingerprinting could be accomplished with this technique, but it is very distressing that individual tabs seem to have unmitigated control over drive read write.

The researchers responsibly disclosed FROST to Google, Apple, and Mozilla before publishing. The responses are worth reading carefully:

• Google said it does not consider browser fingerprinting to be a security vulnerability.

• Apple described the attack as “currently out of scope,” with possible mitigations in the future.

• Mozilla acknowledged the findings but has not implemented any fix.

In other words, the three companies that ship some of the world’s most-used browsers have collectively said “ok, not my concern”.

This isn’t entirely true. Apple and Google said “piss off”, but Firefox acknowledged the issue, but don’t yet have a solution, which doesn’t mean they aren’t working on one. It is bad, though, that they haven’t come up with something during the responsible disclosure timeline.

Hopefully as a result of this Firefox or their forks provide the capability to set RAM / disk permission or even script persistence permission as a per-site setting.