DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More

Discussion in 'other security issues & news' started by guest, Oct 12, 2018.

  1. guest

    guest Guest

    DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More
    October 11, 2018
    https://securityaffairs.co/wordpress/77056/hacking/dom-xss-bug-tinder.html
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    I didn't fully understand it. Is this something that can be tackled by multi-process browsers?
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Info of 685 Million Users at Risk Because of Multiple Branch.io XSS Flaws
    https://news.softpedia.com/news/inf...-of-multiple-branch-io-xss-flaws-523267.shtml
     
  4. 142395

    142395 Guest

    I don't think process isolation helps, but AFAIK what an end user can do is not far different from the other basic tactics for fighting (reflected, or type-2) XSS, i.e. block untrusted scripts; do not browse while you're logged in, but instead use a separate browser or separate profiles (or a per-tab sandbox); check whether your important services use CSP and other security measures (and consider moving to another or closing your account if their security is poor). The latter is an often-forgotten security practice, I think. You can also disable some browser functions often abused in DOM-based XSS, such as IndexedDB, but it's not comprehensive, as there are too many functions susceptible to abuse, and it will cause trouble.

    I didn't know, but in 2012 all sites using jQuery Mobile also suffered from a DOM-based XSS vulnerability. Experts suggest the risk of this is increasing, as (1) more and more sites rely on JS, (2) it's more likely to bypass the built-in XSS auditor and is also hard to detect on the server, and (3) the vulnerability is harder to spot by traditional scanning, even though the bad guys can spot it.
     
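Point (3) above, that DOM-based XSS is hard to spot with traditional scanning, comes from the tainted data never leaving the browser. The following is an added example, not code from anyone in this thread or from the affected sites: a small client-side source-to-sink heuristic run over a constructed JS snippet. The source and sink lists are assumptions chosen for illustration, not a complete catalogue.

```javascript
// Added example (not from the thread): a heuristic static check for the
// DOM-based XSS pattern. It looks for an attacker-influenced "source" (URL
// fragment/query, referrer, window.name, postMessage data) reaching a
// markup- or code-evaluating "sink" entirely inside client-side JS.

const SOURCES = [
  /\blocation\.(hash|search|href)\b/,
  /\bdocument\.(URL|documentURI|referrer|cookie)\b/,
  /\bwindow\.name\b/,
  /\bevent\.data\b/, // payload of a message event (postMessage)
];

const SINKS = [
  /\.innerHTML\s*=[^=]/,
  /\.outerHTML\s*=[^=]/,
  /\bdocument\.write(ln)?\s*\(/,
  /\beval\s*\(/,
  /\bsetTimeout\s*\(\s*["'`]/, // a string argument is evaluated as code
  /\binsertAdjacentHTML\s*\(/,
];

// Scans JS source line by line. Taint is propagated one hop: an identifier
// assigned from a source on an earlier line is itself treated as a source.
// Returns [{ line, sink }] for every line where a source meets a sink.
function scanForDomXss(jsSource) {
  const tainted = new Set();
  const findings = [];
  jsSource.split('\n').forEach((text, idx) => {
    const isSource =
      SOURCES.some((re) => re.test(text)) ||
      [...tainted].some((id) => new RegExp(`\\b${id}\\b`).test(text));
    const assign = text.match(/^\s*(?:var|let|const)?\s*([A-Za-z_]\w*)\s*=[^=]/);
    if (isSource && assign) tainted.add(assign[1]);
    const sink = SINKS.find((re) => re.test(text));
    if (isSource && sink) findings.push({ line: idx + 1, sink: sink.source });
  });
  return findings;
}

// Constructed sample: line 2 is the vulnerable form, line 3 the fix
// (textContent never parses markup), line 4 a sink fed only static data.
const SAMPLE = [
  'var user = decodeURIComponent(location.hash.slice(1));',
  'document.getElementById("greet").innerHTML = "Hi " + user;',
  'document.getElementById("greet").textContent = "Hi " + user;',
  'document.getElementById("ad").innerHTML = STATIC_BANNER_HTML;',
].join('\n');

console.log(scanForDomXss(SAMPLE)); // expect one finding on line 2
```

A per-line, one-hop heuristic like this misses flows through function calls, objects and frameworks, which is exactly why such bugs survive scanners; a strict CSP (no `unsafe-inline`, no `unsafe-eval`) limits what a surviving sink can do.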
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    Good tip, but I thought multi-process browsers were supposed to protect against this stuff.
     
  6. guest

    guest Guest

    Recent Branch.io Patch Creates New XSS Flaw
    October 22, 2018
    https://www.securityweek.com/recent-branchio-patch-creates-new-xss-flaw
     