Security News > 2021 > March > Google shares Spectre PoC targeting browser JavaScript engines

Google shares Spectre PoC targeting browser JavaScript engines
2021-03-12 19:30

Google has published JavaScript proof-of-concept code to demonstrate the practicality of using Spectre exploits targeting web browsers to access information from a browser's memory.

According to the Google Security Team, the PoC shared today works across a wide range of processor architectures, operating systems, and hardware generations.

Security mechanisms vendors have added to web browsers to protect users from Spectre attacks don't actually block exploitation attempts.

The Google Security Team also created a prototype Chrome extension named Spectroscope to help security engineers and web developers protect their websites from Spectre.

"Today, we're sharing proof-of-concept code that confirms the practicality of Spectre exploits against JavaScript engines," said Stephen Röttger and Artur Janc, Information Security Engineers at Google.

The Spectre security vulnerability was unveiled as a hardware bug by Google Project Zero security researchers in January 2018.


News URL

https://www.bleepingcomputer.com/news/security/google-shares-spectre-poc-targeting-browser-javascript-engines/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4216 4506 727 9702