Geeks for your information News Privacy & Security News v
Google Releases Spectre PoC Exploit For Chrome
Google Releases Spectre PoC Exploit For Chrome
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  16 March 21, 20:14
Quote:Google has released proof-of-concept (PoC) exploit code, which leverages the Spectre attack against the Chrome browser to leak data from websites.
 
Three years after the Spectre attack was first disclosed, researchers with Google have now released a demonstration website that leverages the attack, written in JavaScript, to leak data at a speed of 1 kilobyte per second (kbps) when running on Chrome 88 on an Intel Skylake CPU.
 
The researchers said they hope the PoC will light a fire under web application developers to take active steps to protect their sites.
 
“Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines,” said Stephen Röttger and Artur Janc, information security engineers with Google, on Friday. “We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector.”

Spectre and Speculative-Execution Attacks
 
The Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754) flaws rocked the silicon industry when the vulnerabilities were made public in early 2018. These vulnerabilities derive from a process called speculative execution in processors. It’s is used in microprocessors so that memory can read before the addresses of all prior memory writes are known; an attacker with local user access can use a side-channel analysis to gain unauthorized disclosure of information.
 
What originally set Spectre apart was its sheer breadth in terms of affected devices – the attack impacted many modern processors, including those made by Intel and AMD; as well as major operating systems like Android, ChromeOS, Linux, macOS and Windows. One variant, Variant 1, (CVE-2017-5753) also related to JavaScript exploitation against browsers.
 
At the same time, after the public disclosure of Spectre, hardware and software manufacturers, as well as browser-makers, released various mitigations against the attacks.

Read more: Google Releases Spectre PoC Exploit For Chrome | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
AnyViewer 3.5.1 for Android
Version 3.5.1 A...harlan4096 — 09:41
AnyViewer 3.3.0 for macOS
Version 3.3.0: ...harlan4096 — 09:36
Microsoft Edge 140.0.3485.66
Version 140.0.3485...harlan4096 — 06:45
Adlice Protect (formerly RogueKiller) 16...
V16.3.0 08/28/2025...harlan4096 — 06:39
Opera 122.0.5643.17
Hello, Opera 12...harlan4096 — 06:38

[-]
Birthdays
Today's Birthdays
avatar (50)diplomasync
avatar (49)Myronjax
Upcoming Birthdays
avatar (38)fapedDow
avatar (48)pohudidere
avatar (48)rarinsWax
avatar (25)DianaBrown
avatar (38)eqiduseb
avatar (45)ThomasLYDAY
avatar (40)upakoExapy
avatar (49)skepwHug
avatar (38)RicardoGoase
avatar (42)Edwardgef
avatar (43)Denpokhew
avatar (35)azidony
avatar (40)maskbSleew

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>