Cross-Origin Read Blocking (CORB) is an algorithm that can identify and block dubious cross-origin resource loads in web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks like Spectre.
Status in Chromium
Enabled by default (tracking bug) in:
- Chrome for desktop release 67
- Chrome for Android release 68
- Android WebView release 68
Consensus & Standardization
Last updated on 2021-01-15