"Researchers identified a new side-channel attack called FROST that uses SSD I/O timing to track user activity. The attack runs via JavaScript in a browser and can infer open websites and applications. The technique requires a large OPFS file and is currently a research-level proof of concept."