|
|
|
|
|
|
by dual_basis
2585 days ago
|
|
|
Yes and no. It is possible to exploit Meltdown / Spectre via Javascript. From [0]: > This can happen when one has opened the other using window.open, or <a href="..." target="_blank">, or iframes. If a website contains user-specific data, there is a chance that another site could use these new vulnerabilities to read that user data. Most browsers have pushed patches which eliminate known mechanisms of leveraging the exploit, but the pathway cannot be completely mitigated by browser patches, I believe. [0] https://developers.google.com/web/updates/2018/02/meltdown-s... |
|
|