spectre-js.md

Meltdown, Spectre Can Be Exploited Through Your Browser

Tom's Hardware has an article that explain the high level exploit, and there's the official vulnerabilities' website with links to the papers.

• Meltdown
• SPECTRE

..looks so strange to have vulnerabilities with an "official website" and logo..

At the end, these exploits are using a couple of features that all modern browsers provide:

• Shared Buffers
  • Mozilla: Mitigations landing for new class of timing attack
  • Chromium: Actions required to mitigate Speculative Side-Channel Attack techniques
• High Precision Timers
  • The Spy in the Sandbox -- Practical Cache Attacks in Javascript

How does it work?

Shared buffers are used to poison the CPU branch prediction logic, and then retrieve the content of the cache. To be able to identify if the data are from the cache or not, a sub-millisecond timer is required.

What are the mitigation steps?

The first line of action it has been to disable, by default, the shared buffers functionality and then to reduce the precision of the High Precision Timers (adding some Jittering).