Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone's attention
Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks.
The code, posted to GitHub, demonstrates how an attacker can pull data from device memory at a speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. According to Google, the attack should work on other browsers, even those running on Arm-based Apple M1 chips.
Armed with this information, the attacker can use a Spectre gadget - a code structure in memory - to test a JavaScript array and recover cached data.
"The Spectre vulnerability, disclosed to the public in January 2018, makes use of a class of processor design vulnerabilities that allow an attacker to change the intended program control flow while the CPU is speculatively executing subsequent instructions," explained Google security engineers Stephen Röttger and Artur Janc in a blog post.
"While the CPU state is rolled back once the misprediction is noticed, this behavior leaves observable side effects which can leak data to an attacker," they explain.
Google's software engineers managed to make their technique more effective against low-precision timers by figuring out a way to abuse the Tree-PLRU cache eviction strategy, used to clear data in many modern CPUs.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/03/12/google_spectre_code/