With Tips On How Websites Can Mitigate The Attack
The Spectre exploit certainly lives up to it’s name, living on to haunt older hardware like Intel’s Skylake family of CPUs but the news is not all horrible. Google have released proof-of-concept code which leverages the Spectre execution branch vulnerability on Chrome 88 that demonstrates how the attack would work against a target machine. They also suggest that this attack could well succeed on other browsers as well as other hardware, up to and including Apple’s shiny new M1.
There is also a link at The Register to the test webpage Google set up to let you see it in action if you prefer that to reading the code. It also demonstrates the same attack, which can harvest encryption keys and other data stored stored in memory. The website and GitHub post also covers suggested ways that a website could help mitigate this vulnerability. You should stop reading at that point, as there are apparently worse proof of concept attacks which Google has not posted as they are more effective at operating in the wild.
Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks.