Meltdown and Spectre via JavaScript on Chrome

admin
Site Admin
Posts: 219
Joined: Wed Feb 06, 2013 7:47 pm

Meltdown and Spectre via JavaScript on Chrome

Post by admin » Wed Jan 10, 2018 1:26 am

Seems Google is working to stop Meltdown and Spectre via javascript, they will apply some jitter on the function performance.now and also they will disable SharedArrayBuffer on v8.

They will patch source code in a few days and will update Advanced Chrome after that, I will try to apply the patch to old custom build so both versions get protection.

The chances right now to be hacked via javascript are slim but if you want to be on the safe side you can enable this chrome flag or disable javascript entirely:

chrome://flags/#enable-site-per-process

Here is more info and some javascript code that is supposed to dump cache data; I tried it and it returns 0 here. For now I will disable javascript on my browser.
https://react-etc.net/page/meltdown-spe ... it-example
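The two browser-side mitigations named in the post (coarsening performance.now with jitter, and withdrawing SharedArrayBuffer) are easy to see in miniature. The following is an added example written for this thread; it is not code from the forum, from Chrome or from V8, and the jitter scheme is an illustrative assumption rather than Chrome's exact implementation. It builds a coarsened clock from a raw microsecond clock, measures the smallest step a caller can observe through each, and reports whether SharedArrayBuffer is exposed (and, in current browsers, whether the page is cross-origin isolated, which is what gates it today).

```javascript
// Added example for this thread (not Chrome/V8 source). Timestamps are integer
// microseconds so the arithmetic is exact and the results are deterministic.

// Wrap a raw clock so callers only ever see multiples of `resolutionUs`.
// `jitterFn` returns a value in [0, 1); it is injected so tests can pin it.
// Illustrative jitter (assumption, not Chrome's scheme): with probability 1/2
// the previous bucket is reported, so the exact moment the clamped value ticks
// over carries no sub-resolution information. A running maximum keeps the
// clock monotonic despite the jitter.
function makeCoarsenedClock(rawClockUs, resolutionUs, jitterFn = Math.random) {
  if (!Number.isInteger(resolutionUs) || resolutionUs <= 0) {
    throw new RangeError('resolutionUs must be a positive integer');
  }
  let last = 0;
  return function now() {
    const raw = rawClockUs();
    const clamped = Math.floor(raw / resolutionUs) * resolutionUs;
    const jittered = jitterFn() < 0.5 ? clamped - resolutionUs : clamped;
    last = Math.max(last, jittered, 0);
    return last;
  };
}

// Spin on a clock and return the smallest positive increment observed between
// consecutive reads, i.e. the finest timing difference a script can resolve.
// Returns null if the clock never advanced within `maxCalls` reads.
function smallestObservableStep(clock, maxCalls = 100000) {
  let prev = clock();
  let best = null;
  for (let i = 0; i < maxCalls; i++) {
    const cur = clock();
    const d = cur - prev;
    if (d > 0 && (best === null || d < best)) best = d;
    prev = cur;
  }
  return best;
}

// Feature check for the shared-memory primitive the post refers to.
// `crossOriginIsolated` is the later browser gate for SharedArrayBuffer; it is
// undefined (hence false here) in Node and in 2018-era browsers.
function sharedMemoryStatus(g = globalThis) {
  return {
    sharedArrayBuffer: typeof g.SharedArrayBuffer === 'function',
    crossOriginIsolated: g.crossOriginIsolated === true,
  };
}

// Stand-alone demo using the real performance.now (ms) converted to microseconds.
function demo() {
  if (typeof performance === 'undefined') return;
  const rawUs = () => Math.round(performance.now() * 1000);
  const coarse = makeCoarsenedClock(rawUs, 100); // 100 us buckets
  console.log('raw clock smallest step (us):   ', smallestObservableStep(rawUs, 20000));
  console.log('coarse clock smallest step (us):', smallestObservableStep(coarse, 20000));
  console.log('shared memory:', sharedMemoryStatus());
}

if (typeof require !== 'undefined' && require.main === module) demo();
```

Run with `node` to see the raw clock resolve steps of a few microseconds while the coarsened clock never shows anything finer than its bucket size. The point of the design is that the step size, not the jitter, is what bounds the timing side channel; the jitter only stops the bucket boundary itself from leaking.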

rasie1
Posts: 28
Joined: Sun Jul 02, 2017 7:17 am

Re: Meltdown and Spectre via JavaScript on Chrome

Post by rasie1 » Wed Jan 10, 2018 10:56 am

When I type "chrome://flags/#enable-site-per-process" into the Custom Build address bar, "Out-of-Process Iframes" will appear. Is that the same?

admin
Site Admin
Posts: 219
Joined: Wed Feb 06, 2013 7:47 pm

Re: Meltdown and Spectre via JavaScript on Chrome

Post by admin » Wed Jan 10, 2018 10:59 am

Hi, it must say this:

Strict site isolation
Experimental security mode that ensures each renderer process contains pages from at most one site. In this mode, out-of-process iframes will be used whenever an iframe is cross-site. – Mac, Windows, Linux, Chrome OS, Android

I don't know if older versions of chrome include that experiment; at least in build 65.xx it exists.

rasie1
Posts: 28
Joined: Sun Jul 02, 2017 7:17 am

Re: Meltdown and Spectre via JavaScript on Chrome

Post by rasie1 » Thu Jan 11, 2018 12:07 pm

Hello admin,

At https://xlab.tencent.com/special/spectr ... check.html there is an online test to check if browsers are prone to Spectre Bug.

I tested your custom build there in unmodified configuration and it is not vulnerable.

admin
Site Admin
Posts: 219
Joined: Wed Feb 06, 2013 7:47 pm

Re: Meltdown and Spectre via JavaScript on Chrome

Post by admin » Thu Jan 11, 2018 2:35 pm

Yes, it is because the main vulnerable function, SharedArrayBuffer, was introduced later, so only newer builds are vulnerable; actually the versions that can be vulnerable are between 60 and 64.

Advanced Chrome custom builds were never vulnerable and Advanced Chrome latest build 65.0.3317.0 is already protected so current versions are both safe:
Latest Build 65.0.3317.0
11 - Jan - 2018
Custom Build 54.20.6530.0
05 - Jan - 2018

I left javascript disabled on my config anyway. There are some sites that abuse a lot of javascript CPU, so I disabled it globally and only enable it for specific sites using a whitelist, but it is a pain.

Maybe some kind of inverse approach will work: enable it globally but be able to block a site quickly using some shortcut. Maybe for the next Advanced Chrome version I will add a quick way to disable javascript when the user detects something nasty on the current webpage; right now you need many clicks to block javascript on the current site.
