Websites can spy on user activity by analyzing SSD behavior

FROST is a proof-of-concept side-channel attack that leverages the browser's Origin Private File System (OPFS) to measure SSD contention timing from JavaScript, enabling remote fingerprinting of websites and applications on the same SSD; the technique requires only visiting a malicious webpage, has practical limits (large OPFS files, same-drive requirement), and researchers responsibly disclosed findings to browser vendors who are evaluating mitigations.