FEATURE REQUEST: Fix security leak of data in internal memory by encryption


#1

Dear Developers,

There seems to be a possible security issue with web browsers that may exist in Brave. I am using Windows 10.

When pages are loaded, used, and then closed, the data image is out of control of the browser, and under control of the OS as it passes between the browser and internal memory.

The problem is that when the browser tab/window is closed, the browser cannot guarantee that the memory image is destroyed as this is a property of the OS. It means that clever malicious applications could obtain data from the residual memory image. Enough could be reconstructed to assist in a security attack.

Can you implement a feature where data incoming to Brave from the external webserver is encrypted before it is deposited to internal memory? When the data is read from memory is decrypted at the moment before it is displayed in the browser window. No unencrypted data is ever stored in internal memory.

This would mean any data held in internal memory is encrypted and therefore inaccessible to other applications, and security is no longer dependant upon relying on the OS to destroy the memory image.

If you feel this may cause a performance impact, then it could be an optional feature.

Please let me know what you think?
Kind regards, Ben.