Spectre proof-of-concept shows how dangerous side-channel attacks against JavaScript engine can be

Google has released a proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser’s JavaScript engine to leak information from its memory.

Google in 2018 detailed two variants of Spectre, one of which – dubbed variant 1 (CVE-2017-5753) – concerned Javascript exploitation against browsers. Spectre targeted the process in modern CPUs called speculative execution to leak secrets such as passwords from one site to another malicious site.

Web developers can visit Google’s new page – at https://leaky.page – to see a demo of Spectre in JavaScript, a video demo on YouTube and a detailed write up of the PoC on GitHub.

Read more…
Source: ZDNet