by kodablah
3095 days ago
From spectre.pdf:

> In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.

(granted I think site isolation, if enabled, mitigates crossing domain boundaries)

It goes on to show a sample JS impl that JITs into the expected insns using V8.

Edit - mixing it up with this other article (https://security.googleblog.com/2018/01/todays-cpu-vulnerabi...)