In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim’s machine – to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content.
In this paper the researchers shows how the micro-architectural side-channel attack, which is already recognized as an extremely potent attack method, can be effectively launched from an untrusted web page. Instead of the traditional cryptanalytic application of the cache attack, it shows how user behavior can be effectively tracked using this method. The potential reach of side channel attacks has been extended, meaning that additional classes of secure systems must be designed with side-channel countermeasures in mind.
Download the full paper from here - http://iss.oy.ne.ro/SpyInTheSandbox.pdf