Want To Play With A Spectre Exploit For Yourself?

Source: The Register Want To Play With A Spectre Exploit For Yourself?

With Tips On How Websites Can Mitigate The Attack

The Spectre exploit certainly lives up to it’s name, living on to haunt older hardware like Intel’s Skylake family of CPUs but the news is not all horrible.  Google have released proof-of-concept code which leverages the Spectre execution branch vulnerability on Chrome 88 that demonstrates how the attack would work against a target machine.  They also suggest that this attack could well succeed on other browsers as well as other hardware, up to and including Apple’s shiny new M1.

The code is still posted to GitHub, seeing as how it isn’t a Microsoft’s vulnerability, and it allows you to try out the two stage attack on your own.  The first piece is a timing attack to infer which memory addresses are being accessed, followed up by a JavaScript array and recover cached data thanks to the Spectre vulnerability itself.

There is also a link at The Register to the test webpage Google set up to let you see it in action if you prefer that to reading the code.  It also demonstrates the same attack, which can harvest encryption keys and other data stored stored in memory.  The website and GitHub post also covers suggested ways that a website could help mitigate this vulnerability.  You should stop reading at that point, as there are apparently worse proof of concept attacks which Google has not posted as they are more effective at operating in the wild.

Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!