Threat Model for the Web (TMW)

A repository for the Threat Model for the Web.

Follows a curated list of resources.

Security and Web Platform

• Web Origin Concept
• Ethical Web Principles
• Tangled Web
• Securing the Web

Browsers

• The Browser Hacker’s Handbook
• The Security Architecture of the Chromium Browser
• Web Browser Security: Evolving Threats, Safeguards, and the Road Ahead
• Browser Security Handbook
• Firefox privacy and security features
• Secure Architecture
• Chrome Security Architecture - Process Level Snapshot
• Multi-Process Architecture
• Sandboxing
• How to Find Vulnerabilities in Web Browsers

Web APIs

• Permissions

Extensions

• A Study on Malicious Browser Extensions in 2025

Threat Models

• The Browser Threat Model
• Target Privacy Threat Model
• Threat model End-To-End
• Payment Handler Privacy Threat Model
• FIDO Security Reference (includes Threat Analysis and a Diagram)

Threats

• Self-Review Questionnaire: Security and Privacy
• Mitigating Browser Fingerprinting in Web Specifications
• Most Common Browser Threats in 2024: An Overview of Attack Mechanisms and Impacts
• Fingerprinting and Tracing Shadows: The Development and Impact of Browser Fingerprinting on Digital Privacy
• XS-Leaks Wiki
• Tracking
• Peripheral Instinct: How External Devices Breach Browser Sandboxes