As third-party cookies are going away, first-party cookies are increasingly being used for tracking. Prior research has shown that third-party scripts write (or \textit{ghost-write}) first-party cookies in the browser's cookie jar because they are included in the website's main frame. What is more, a third-party script is able to access all first-party cookies: both the actual first-party cookies and those ghost-written by other third-party scripts. Existing isolation mechanisms in the web browser, such as the Same-Origin Policy (SOP) and Content Security Policy (CSP), are not designed to address this lack of isolation between first-party cookies written by different third parties. We conduct a comprehensive analysis of cross-domain first-party cookie retrieval, exfiltration, and modification on the top-10K websites. Most notably, we find that 18\% and 4\% of first-party cookies are exfiltrated and overwritten, respectively, by cross-domain third-party scripts. We propose \name to introduce isolation between first-party cookies set by different third-party scripts in the main frame. To this end, \name intercepts cookie get and set operations between third-party scripts and the browser's cookie jar to enforce strict isolation between first-party cookies set by different third-party domains. Our evaluation of \name shows that it effectively blocks all cross-domain cookie read/write operations, providing a fully isolated cookie jar. While it generally does not impact appearance, navigation, or other website functionality, the strict isolation policy disrupts Single Sign-On (SSO) on just 11\% of websites that rely on first-party cookies for session management. Our work demonstrates the feasibility of isolating first-party cookies.
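As an added illustration of the isolation policy described above (this is example code, not the paper's own \name implementation), the following simulation treats each first-party cookie as owned by the domain of the script that wrote it and refuses cross-domain reads and overwrites. It assumes the calling script's domain is supplied explicitly; a browser implementation would have to attribute each document.cookie access to the script that made it. The site and tracker domains are constructed.

```javascript
// Simulated isolated cookie jar (added example, not the paper's code).
// Assumption: `caller` is the domain of the script performing the operation;
// attributing document.cookie accesses to a script is not modelled here.
class IsolatedCookieJar {
  constructor(siteDomain) {
    this.site = siteDomain;   // the first party, owner of the "real" first-party cookies
    this.cookies = new Map(); // name -> { value, owner }
    this.blocked = [];        // audit log of denied cross-domain operations
  }

  // Set a cookie on behalf of a script served from `caller`.
  set(caller, name, value) {
    const existing = this.cookies.get(name);
    if (existing && existing.owner !== caller) {
      // Cross-domain overwrite: refuse and keep the original cookie.
      this.blocked.push({ op: 'set', caller, name, owner: existing.owner });
      return false;
    }
    this.cookies.set(name, { value, owner: caller });
    return true;
  }

  // Return only the cookies owned by `caller`, in document.cookie form.
  get(caller) {
    const visible = [];
    let hidden = 0;
    for (const [name, { value, owner }] of this.cookies) {
      if (owner === caller) visible.push(`${name}=${value}`);
      else hidden++;
    }
    if (hidden > 0) this.blocked.push({ op: 'get', caller, hidden });
    return visible.join('; ');
  }
}

// Constructed scenario: the site sets a session cookie, two third-party
// scripts ghost-write their own first-party cookies, then tracker B tries
// to read and overwrite what the others wrote.
function demo() {
  const jar = new IsolatedCookieJar('example.com');
  jar.set('example.com', 'sessionid', 'abc123');    // real first-party cookie
  jar.set('tracker-a.example', '_ta', 'user-42');    // ghost-written by tracker A
  jar.set('tracker-b.example', '_tb', 'visitor-7');  // ghost-written by tracker B
  const seenByA = jar.get('tracker-a.example');      // only "_ta=user-42"
  const overwrite = jar.set('tracker-b.example', '_ta', 'clobbered'); // blocked -> false
  return { seenByA, overwrite, taValue: jar.cookies.get('_ta').value, denied: jar.blocked.length };
}
```

The `blocked` log is the detection hook: each entry records a cross-domain access that an unisolated cookie jar would have silently allowed.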