Security News > 2021 > March > Google Releases Spectre PoC Exploit For Chrome
![Google Releases Spectre PoC Exploit For Chrome](/static/build/img/news/google-releases-spectre-poc-exploit-for-chrome-medium.jpg)
Google has released proof-of-concept exploit code, which leverages the Spectre attack against the Chrome browser to leak data from websites.
Three years after the Spectre attack was first disclosed, researchers with Google have now released a demonstration website that leverages the attack, written in JavaScript, to leak data at a speed of 1 kilobyte per second when running on Chrome 88 on an Intel Skylake CPU. The researchers said they hope the PoC will light a fire under web application developers to take active steps to protect their sites.
"We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector."
What originally set Spectre apart was its sheer breadth in terms of affected devices - the attack impacted many modern processors, including those made by Intel and AMD; as well as major operating systems like Android, ChromeOS, Linux, macOS and Windows.
At a high level, the PoC is comprised of a Spectre "Gadget," or code, that triggers attacker-controlled transient execution, and a side channel that serves as a method for attackers to observe the side effects of this transient execution.
The technique stemmed from reading sensitive data multiple times - which Google researchers argued can reduce the effectiveness of the attack if the information leak is subject to chance variation.
News URL
https://threatpost.com/google-spectre-poc-exploit-chrome/164787/
Related news
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel (source)
- Google Chrome is getting native support for YouTube-like video chapters (source)
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers (source)
- Google patches third exploited Chrome zero-day in a week (source)
- Google fixes third actively exploited Chrome zero-day in a week (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) (source)