> In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.
(granted I think site isolation, if enabled, mitigates crossing domain boundaries)
It goes on to show a sample JS impl that JITs into the expected insns using V8.
> In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.
(granted I think site isolation, if enabled, mitigates crossing domain boundaries)
It goes on to show a sample JS impl that JITs into the expected insns using V8.