🤖 AI Summary
This study addresses a previously unexamined security blind spot in web browser navigation, where Google Safe Browsing (GSB) checks and DNS resolution occur concurrently but lack systematic analysis of their packet-level timing synchronization. By capturing network traffic, the authors quantify the time gap (Δ_time) between GSB query termination and DNS response arrival, revealing that this temporal window can be exploited for DNS manipulation attacks, particularly in complex CNAME resolution scenarios. Analysis across general and CNAME-specific domain datasets shows that approximately 79% of samples exhibit a positive Δ_time, with median DNS response delays ranging from 67 to 79 milliseconds and maximum delays exceeding 2400 milliseconds. These findings demonstrate a significant and practically exploitable timing vulnerability inherent in current browser navigation protocols.
📝 Abstract
Google Safe Browsing (GSB) and DNS resolution operate concurrently during browser navigation, yet their packet-level synchronization remains understudied. This work characterizes the timing gap (\(Δ_{time}\)) between GSB-related query close events and parallel DNS resolution responses, identifying a consistent temporal offset with potential security relevance. Using packet-capture analysis across general and CNAME-domain datasets, we observe positive timing gaps in approximately 79\% of measurements. In these instances, DNS responses lag behind GSB-related query closures with median delays of 67-79 ms and maximum delays surpassing 2,400 ms. These empirical results highlight a measurable window within the browsing workflow. We suggest that such temporal inconsistencies, particularly in complex CNAME-domain resolutions, may create a security-relevant timing precondition under DNS-manipulation threat models. These results provide a foundation for further research into timing-based risks and mitigations in browser safety mechanisms.