Is Your Browser+CPU Vulnerable To Spectre?

Here's a demo of a Spectre exploit in JavaScript: https://leaky.page/

I tried it in Chromium 88 on my 5950X. The "L1 Cache Timer" and "Memory Layout Inference" steps work, but the exploit itself fails.

In Firefox 86, none of it works at all.

Does it work for anyone else with other CPUs? Maybe someone with the same configuration that it was developed on:
Chrome 88 running on an Intel® Core™ i7-6500U processor on Linux
 
Since everyone here is too scared to click the link (and you should be, but the same applies to *every* web site if you have JS enabled), I tried it on an i7-6700K, which is the only Intel CPU I have access to at the moment. The exploit works on it.

I would still be interested to see if anyone can get it to work on other CPUs. Newer Intel, pre-Ryzen AMD, or any non-x86 CPU. I expect it will only work on CPUs similar to the one it was developed for, though that doesn't mean it couldn't be adapted to work on others.
 
Can somebody explain? I don't know if this is relatable but I was having problems with my 4790k when using Google Chrome. With just a single tab open (task manager reports something like 13) my CPU usage was spiking anywhere between 1 and 100%. Similarly with the CPU temp. The service tool sometimes uses a lot of processor and raises temps to begin with for roughly 30s but Firefox doesn't have any of these types of problems. I could open 30 tabs and the usage overall is still pretty low, the temps have risen but not by much and the memory increased which was to be expected. I reset Google Chrome, removed the two extensions I had, deleted my profiles, caches etc. and uninstalled and reinstalled the application and within a few days the same problem recurred. Is this linked to the above or a different type of issue?
 
Tried on an i7 4790k with Firefox... it failed to do anything, no hexdump etc. which I suppose is a good thing.
 
Can somebody explain? I don't know if this is relatable but I was having problems with my 4790k when using Google Chrome...
As far as I know, this has never been seen "in the wild", so your problem is something else.

To explain what this is: Not long ago, a vulnerability was discovered in a lot of modern CPUs that allows code running on them to read memory that it shouldn't be allowed to. The vulnerability is called Spectre. When it was found, people immediately realized that it could be exploited through a browser, so browser makers made some changes to prevent Spectre from working in JavaScript. This demo proves that those mitigations aren't sufficient.

I believe this is limited in scope to only memory used by the browser, not other programs, so the worst case would be if you visited a malicious website while logged into your bank account, it could read the session key and steal all your money.
 
Tried it on my HTPC: 1600AF + Chrome.

Failed.
That's what I expected. I doubt this will work on any AMD CPU (though it might theoretically be possible).

Tried on an i7 4790k with Firefox... it failed to do anything, no hexdump etc. which I suppose is a good thing.
Probably it's limited to Chrome only. I don't understand how it all works well enough to say why.

hmmm should I click a Spectre link posted by Mr Evil ... let's go with no.
Sensible even if it was posted by someone trustworthy. It's not mine, so I can't guarantee what the code there does, even if it appears to be safe at the moment.
 
That's what I expected. I doubt this will work on any AMD CPU (though it might theoretically be possible).

Unfortunately I sold the remnants of my last Intel rig (Ivybridge) last year or I'd have checked that.

There's a whole lot of people even today who are still on Intel tech from 2010 onwards, simply due to having little need to upgrade.
 
They've said in the blog post the demo needs to be tweaked to work on hardware/browser combinations other than Skylake/Kaby Lake and a Chromium-based browser. This specific demo isn't going to work in Firefox, or on an AMD CPU, but that doesn't necessarily mean it won't in the future. It already runs under Apple's new M1 ARM platform with a minor code change, so it's not just Intel platforms that are vulnerable.

As expected, the exploit works on my Kaby Lake laptop (i5-8250u).
 