Security News > 2021 > March > Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone's attention
Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks.
The code, posted to GitHub, demonstrates how an attacker can pull data from device memory at speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. According to Google, the attack should work on other browsers, even those running on Arm-based Apple M1 chips.
Armed with this information, the attacker can use a Spectre gadget - a code structure in memory - to test a JavaScript array and recover cached data.
"The Spectre vulnerability, disclosed to the public in January 2018, makes use of a class of processor design vulnerabilities that allow an attacker to change the intended program control flow while the CPU is speculatively executing subsequent instructions," explained Google security engineers Stephen Röttger and Artur Janc in a blog post.
"While the CPU state is rolled back once the misprediction is noticed, this behavior leaves observable side effects which can leak data to an attacker," they explain.
Google's software engineers managed to make their technique more effective against low-precision timers by figuring out a way to abuse the Tree-PLRU cache eviction strategy, used to clear data in many modern CPUs.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/03/12/google_spectre_code/
Related news
- Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors (source)