Hacker News new | ask | show | jobs
by zzzcpan 3081 days ago
So, suggesting Site Isolation as a mitigation is a security theater from Google to calm down some users, but it doesn't actually help anyone. The real mitigation is disabling javascript by default, which Google can never suggest.
2 comments
Certhas 3081 days ago
No.

- If you have an AMD CPU or run a Kernel with KPTI you are protected from Meltdown.

- If you have an AMD CPU or compile the browser with retpoline you are protected from the second variant of Spectre (branch misprediction).

- If you have site isolation you are protected from the first variant of Spectre (bound check).

Thus, as it stands (and my understanding is that more variants will inevitably be found), this feature alone mitigates the known attacks on AMD hardware.

Of course the real mitigation is to air-gap your computer and only run code you have proven to be secure by hand. But Google can never suggest that. /s

link
dralley 3081 days ago
Not true, the second variant of Spectre is harder to exploit on AMD, but possible.

AMD is pushing microcode updates to close those holes, too.

link
kllrnohj 3081 days ago
https://www.amd.com/en/corporate/speculative-execution

"Variant Two

Branch Target Injection

Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date."

And although Project Zero had multiple AMD test machines they did not make any claims that AMD was also vulnerable to variant 2. Can you link to any PoC that has gotten variant 2 to work on AMD?

link
rst 3081 days ago
Site isolation mitigates variant 1 of Spectre, which would otherwise allow hostile JS (served, e.g., from an ad server) to read the contents of web pages in other tabs (or anything else in browser memory -- passwords, etc.). Google has a PoC exploit for this.
link
floil 3081 days ago
It's not just other tabs: because of iframes, a single page can be composed of content from arbitrarily many sites. Without a browser architecture that allows documents embedded via iframe to be rendered out of process, each tab's process needs access to passwords, etc for every site.

Once you have support for out of process iframes, you can lock down each process so that it doesn't have access to data for sites other than the one it was created to render documents for. That lockdown is what can prevent Spectre variant 1 from being used to steal data cross-site: the data is no longer in the process to steal.

link