Google Publishes "Leaky.Page" Showing Spectre In Action Within Web Browsers

Source: https://www.phoronix.com/scan.php?page=news_item&px=Google-Leaky.Page-Spectre

by: Michael Larabel | Published: March 12, 2021

Google has published their proof-of-concept code showing the practicality of Spectre exploits within modern web browsers' JavaScript engines. The code is out there and you can even try it for yourself on the leaky.page web-site.

Google's Leaky.Page code shows its possible to leak data at around 1kB/s when running their Chrome web browser on a Skylake CPU. The proof-of-concept code is catering to Intel Skylake CPUs while it should also work for other processors and browsers with minor modifications to the JavaScript. Google was also successful in running this Leaky.Page attack on Apple M1 ARM CPUs without any major changes.

Google also prototyped code capable of leaking data at a rate of 8kB/s but with lower stability. On the other side, they have proof-of-concept code using JavaScript timers that can leak at 60B/s.

Google's Leaky.Page PoC is a Spectre V1 gadget that is a JavaScript array that is speculatively accessed out of bounds. While the V1 gadget can be mitigated at the software level, Chrome's V8 team determined that other gadgets such as for Spectre Variant 4 to be "simply infeasible in software" for mitigating.

More details on Google's latest Spectre findings via the Google Security Blog. The proof-of-concept Spectre code can be found at leaky.page.

This week meanwhile the W3C published an editor's draft of web developer recommendations around Spectre.

Tags: Date-2021-03-12, Internet

This page may have a talk page ?.