A researcher in the U.K. has developed a new technique that uses a combination of JavaScript-based timing attacks and other tactics to read any information he wants from a targeted user s browser. The attack works on all of the major browsers and researchers say there’s no simple fix to prevent it. The technique uses some known problems with browsers and JavaScript, but also hinges on some new issues that, when used in combination, can allow an attacker to get access to the source code on any Web page a user is logged into.
Source: https://threatpost.com/javascript-and-timing-attacks-used-to-steal-browser-data/101559/