Security News > 2021 > March > Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone's attention

Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone's attention
2021-03-12 21:28

Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks.

The code, posted to GitHub, demonstrates how an attacker can pull data from device memory at speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. According to Google, the attack should work on other browsers, even those running on Arm-based Apple M1 chips.

Armed with this information, the attacker can use a Spectre gadget - a code structure in memory - to test a JavaScript array and recover cached data.

"The Spectre vulnerability, disclosed to the public in January 2018, makes use of a class of processor design vulnerabilities that allow an attacker to change the intended program control flow while the CPU is speculatively executing subsequent instructions," explained Google security engineers Stephen Röttger and Artur Janc in a blog post.

"While the CPU state is rolled back once the misprediction is noticed, this behavior leaves observable side effects which can leak data to an attacker," they explain.

Google's software engineers managed to make their technique more effective against low-precision timers by figuring out a way to abuse the Tree-PLRU cache eviction strategy, used to clear data in many modern CPUs.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/12/google_spectre_code/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995
Intel 6314 31 755 708 45 1539