A CPU side-channel attack breaks TBB tab isolation. The researchers’ solution was a browser add-on or the advice not to use the same browsing session for different identities.
If this is a fundamental design flaw that still applies (I think it does), we need to document it on TBB’s page so people take this into account for opsec. I don’t know if or how TPO responded to this attack discovered since Jan this year.
Multiple Tor Browser Instances and Whonix-Workstation ™
Multiple Tor Browser Instances: To better separate different contextual identities, consider starting multiple Tor Browser instances and running them through different SocksPorts. This method is less secure than the method outlined below.
Multiple Whonix-Workstation ™: For tasks requiring different identities and/or additional software, it is recommended to compartmentalize activities and use two or more Whonix-Workstation ™ VMs. In this way, an exploit in Tor Browser in one Whonix-Workstation ™ cannot simultaneously read the individual’s identity in another VM (for example, an IRC account). [88] This method is less secure than using a Whonix-Workstation ™ Disposable with Tor Browser (see below).
So restarting Tor Browser, using its new identity function or multiple Whonix-Workstation as a recommendation to avoid multiple Tor Browser tabs being correlated to the same pseudonym is documented, but perhaps due to the many things that are documented, the structure could be improved to provide better emphasis. Help welcome.