• The researchers responsibly disclosed FROST to Google, Apple, and Mozilla before publishing. The responses are worth reading carefully:

    • Google said it does not consider browser fingerprinting to be a security vulnerability.

    • Apple described the attack as “currently out of scope,” with possible mitigations in the future.

    • Mozilla acknowledged the findings but has not implemented any fix.

    In other words, the three companies that ship some of the world’s most-used browsers have collectively said “ok, not my concern”. 

    Fingerprinting is treated as a known cost of doing business on the modern web, and a side channel that leaks tab and application data through a storage API is, apparently, not a fire worth putting out.