Reply to post: Re: Just kill ALL code in a browser.

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits


Re: Just kill ALL code in a browser.

Yeah, that'll stop anyone exploiting cpu flaws.

Get the torches!!! They're running JavaScript!!!! It looks like C but the scoping's different!!!!!!!!!!!!

JavaScript isn't the issue. Automatically downloading and executing code that arrives over the internet (*.vbs email attachments?) is the issue.

The positive side is there are only a handful of JS engines in common use with V8 (Google open source) being the market leader. It should be possible to stamp out these exploits inside TurboFan (the V8 compiler) and the equivalents in other JS engines, which would automatically sanitise all the JS in circulation. Statically compiled code (C/C++ etc) is a much bigger problem in this regard.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019