Researchers from University College London, Stanford Engineering, Google, Chalmers University of Technology and Mozilla Research have built the system called 'Confinement with Origin Web Labels,' or COWL.
It works with Mozilla's Firefox and the open-source version of Google's Chrome web browsers and prevents malicious code in a web site from leaking sensitive information to unauthorised parties, while allowing code in a web site to display content drawn from multiple web sites - an essential function for modern, feature-rich web applications.
Currently, web users' privacy can be compromised by malicious JavaScript code hidden in seemingly legitimate web sites.
The web site's operator may have incorporated code obtained elsewhere into his or her web site without realising that the code contains bugs or is malicious.
Also Read
Such code can access sensitive data within the same or other browser tabs, allowing unauthorised parties to obtain or modify data without the user's knowledge.
"The new system provides a property known as 'confinement' which has been known since the 1970s, but proven difficult to achieve in practical systems like web browsers," co-author Professor Brad Karp from UCL said.
"If a JavaScript programme embedded within one web site reads information provided by another web site - legitimately or otherwise - COWL permits the data to be shared, but thereafter restricts the application receiving the information from communicating it to unauthorised parties.
"As a result, the site that shares data maintains control over it, even after sharing the information within the browser," Karp said.