The system called 'Confinement with Origin Web Labels' (COWL) works with Mozilla's Firefox and Google's Chrome web browsers and prevents malicious codes in websites from leaking sensitive information to unauthorised parties.

Currently, web users' privacy can be compromised by a malicious JavaScript code hidden in seemingly legitimate websites. The website's operator may have incorporated a code obtained elsewhere into his or her website without realising that the code contains bugs or is malicious.

"Such codes can access sensitive data within the same or other browser tabs, allowing unauthorised parties to obtain or modify data without the user's knowledge," explained study co-author professor Brad Karp from the University College London.

"COWL achieves both privacy for the user and flexibility for the web application developer. Achieving both these aims, which are often in opposition in many system designs, is one of the central challenges in computer systems security research," Karp maintained.

Free to download, COWL lets web developers build feature-rich applications that combine data from different websites not requiring users to share their login details directly with third-party web applications.

"This ensures that the user's sensitive data seen by such an application does not leave the browser. Both web developers and users win," added Deian Stefan, PhD student at Stanford University.

The team included researchers from University College London, Stanford Engineering, Google, Chalmers and Mozilla Research.

The team described the system in a paper that is scheduled to be shared this month at the "Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation", a premier venue for operating systems research.