Is Your Browser+CPU Vulnerable To Spectre?

Here's a demo of a Spectre exploit in JavaScript: https://leaky.page/

I tried it in Chromium 88 on my 5950X. The "L1 Cache Timer" and "Memory Layout Inference" steps work, but the exploit itself fails.

In Firefox 86, none of it works at all.

Does it work for anyone else with other CPUs? Maybe someone with the same configuration that it was developed on:
Chrome 88 running on an Intel® Core™ i7-6500U processor on Linux
 
Since everyone here is too scared to click the link (and you should be, but the same applies to *every* web site if you have JS enabled), I tried it on an i7-6700K, which is the only Intel CPU I have access to at the moment. The exploit works on it.

I would still be interested to see if anyone can get it to work on other CPUs. Newer Intel, pre-Ryzen AMD, or any non-x86 CPU. I expect it will only work on CPUs similar to the one it was developed for, though that doesn't mean it couldn't be adapted to work on others.
 
Can somebody explain? I don't know if this is relatable, but I was having problems with my 4790K when using Google Chrome...
As far as I know, this has never been seen "in the wild", so your problem is something else.

To explain what this is: Not long ago, a vulnerability was discovered in a lot of modern CPUs that allows code running on them to read memory that it shouldn't be allowed to. The vulnerability is called Spectre. When it was found, people immediately realized that it could be exploited through a browser, so browser makers made some changes to prevent Spectre from working in JavaScript. This demo proves that those mitigations aren't sufficient.

I believe this is limited in scope to only memory used by the browser, not other programs, so the worst case would be if you visited a malicious website while logged into your bank account, it could read the session key and steal all your money.
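An added illustration of the "read memory it shouldn't be allowed to" point in the post above. This is example code written for this page, not code from leaky.page or from anyone in the thread. It shows the control-flow shape that Spectre variant 1 (bounds-check bypass) abuses, and the branchless index masking that JavaScript engines such as V8 added to array accesses as a mitigation. It performs no cache-timing measurement (Node.js is not a browser); the "speculative" values are simply what the mispredicted path would read, computed directly so the effect is visible. The `memory` layout, the sample bytes, and the names `gadgetUnsafe`, `indexMaskNospec` and `gadgetMasked` are all constructed for the example.

```javascript
// Added example, not code from leaky.page or from this thread.
// Constructed sample address space: 8 public bytes followed by 8 secret bytes
// that the victim code is never supposed to return.
const memory = new Uint8Array(16);
memory.set([1, 2, 3, 4, 5, 6, 7, 8], 0);                         // public region
memory.set([0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x21, 0x21], 8); // "SECRET!!"
const PUBLIC_LEN = 8;

// Vulnerable shape: the bounds check is a conditional branch. Architecturally it
// is correct (out-of-range indices return 0), but once the branch predictor has
// been trained on in-range calls, the CPU speculatively runs the body for an
// out-of-range index and pulls the secret byte into cache, where a timing probe
// (the "L1 Cache Timer" step on leaky.page) can observe it.
function gadgetUnsafe(index) {
  const architectural = index < PUBLIC_LEN ? memory[index] : 0;
  const speculative = memory[index]; // what the mispredicted path touches
  return { architectural, speculative };
}

// Mitigation: derive a mask that is all ones when 0 <= index < length and all
// zeros otherwise, with arithmetic instead of a branch, so there is nothing to
// mispredict. (index - length) has its sign bit set when index < length; ~index
// has its sign bit set when index >= 0. ANDing them and arithmetic-shifting by
// 31 spreads that sign bit across the whole 32-bit word.
// Assumes int32 inputs far enough from the limits that the subtraction cannot overflow.
function indexMaskNospec(index, length) {
  return ((index - length) & ~index) >> 31;
}

// Hardened gadget: the branch stays, but the load is masked, so even the
// speculative path can only reach memory[0] for an out-of-range index. No
// secret-dependent cache footprint is left behind.
function gadgetMasked(index) {
  const mask = indexMaskNospec(index, PUBLIC_LEN);
  const clamped = index & mask;
  const architectural = index < PUBLIC_LEN ? memory[clamped] : 0;
  const speculative = memory[clamped]; // memory[0] when index is out of range
  return { architectural, speculative };
}

// Stand-alone run: index 12 is out of bounds and lands on a secret byte.
console.log('unsafe  :', gadgetUnsafe(12));  // speculative path reads 0x45 ('E')
console.log('masked  :', gadgetMasked(12));  // speculative path reads memory[0]
```

Both versions return the same architectural results; the difference only shows up on the path the CPU executes while guessing. That is why the masked form is the one engines emit, and why a working demo like leaky.page means the engine's own masking, or the process-level isolation around it, was not enough on that configuration.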
 
Tried it on my HTPC: 1600AF + Chrome.

Failed.
That's what I expected. I doubt this will work on any AMD CPU (though it might theoretically be possible).

Tried on an i7 4790K with Firefox... it failed to do anything, no hexdump etc., which I suppose is a good thing.
Probably it's limited to Chrome only. I don't understand how it all works well enough to say why.

Hmmm, should I click a Spectre link posted by Mr Evil... let's go with no.
Sensible even if it was posted by someone trustworthy. It's not mine, so I can't guarantee what the code there does, even if it appears to be safe at the moment.
 