|
|
|
|
|
|
by marcan_42
1675 days ago
|
|
|
> There is no attack when no code is being run. https://9to5mac.com/2021/03/11/browser-based-attack-affects-... Turns out you don't need Turing completeness to perform microarchitectural side channel attacks. This is yet another way in which the "all my software is free, therefore I am safe from attacks" fallacy breaks down. Nevermind that, as pointed out by other replies, LibreJS provides zero security. It relies on scripts voluntarily declaring that they're freely licensed, and if they do, they're allowed to run. The extension doesn't care whether the script is malicious or not. |
|
|
I am still safe.