Reply to post: Re: Spectre?

Chrome 66: Get into the bin, auto-playing vids and Symantec certs!

Fullmetal5

Re: Spectre?

I don't know Spectre stuff very well, but from what I understand this isn't about ASLR like the other commenter was saying, but about making the JavaScript JIT that is included in Google Chrome avoid generating code that could be abused for speculative execution, or generate some speculative execution barrier in the vulnerable parts. This is because JavaScript gets compiled to assembly for performance instead of being interpreted. Chrome's JIT implementation (called V8) could JIT code that could be abused to do timing attacks against some address and figure out either if there was anything mapped there or if some data they predicted would be there.

As for your comment on process isolation: I believe it's because Spectre was never about getting info from other SEPARATE processes. It was about getting info from mapped pages that weren't readable to the current process, like ring-0 code reading something vs ring-3 code reading something. As long as none of the other pages from that process were mapped into the memory of the second process, then I don't think Spectre affects things like this. The reason Chrome does process isolation is so that if someone gets code execution in a rendering process or such, then it won't be able to read things like cookies or the page contents of sites that weren't from the same origin as that rendering process.
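The bounds-check gadget and the JIT-level barrier the comment alludes to, as an added example that is not part of the original post or of V8's code. The memory layout, the `maskIndex` helper, the `transientRead` model and the byte values are all constructed for illustration; the masking pattern is modelled on the branchless array-index masking V8 shipped as one of its early Spectre mitigations, not on its actual implementation. A script cannot observe the transient path itself, so `transientRead` stands in for what the CPU would load while speculating past the check.

```javascript
// Added example, not from the original post: models the Spectre v1
// bounds-check-bypass gadget and the kind of branchless index masking a
// JIT can emit so a mis-speculated array read cannot reach past the array.
// Everything below is constructed data for illustration.

// Constructed model of one process's memory: a 16-byte public array
// followed immediately by bytes the script must never read.
const PUBLIC_LEN = 16;
const memory = new Uint8Array(32);
for (let k = 0; k < PUBLIC_LEN; k++) memory[k] = k + 1;       // public bytes 1..16
memory.set([0x53, 0x45, 0x43, 0x52, 0x45, 0x54], PUBLIC_LEN);  // "SECRET", off limits

// Probe array: in the real attack, probe[v * 4096] is touched during
// speculation and the attacker later times each 4096-byte stride to
// recover v. Here it only shows the shape of the gadget.
const probe = new Uint8Array(256 * 4096);

// Architectural behaviour: the bounds check holds and out-of-range reads
// never happen. This is what the program actually computes.
function architecturalRead(i) {
  if (i < PUBLIC_LEN) return memory[i];
  return -1; // out of bounds: nothing is read
}

// Model of the transient (speculative) path: while the CPU predicts the
// branch as taken, the load executes before the comparison resolves, so
// the unmasked index is used. This is not observable from JavaScript; the
// model simply returns what the CPU would have loaded.
function transientRead(i) {
  return memory[i];
}

// Mitigation: mask the index branchlessly so the load cannot go out of
// bounds even on the transient path. Assumes 0 <= i, length < 2^31 so the
// subtraction stays within int32 range.
function maskIndex(i, length) {
  const mask = (i - length) >> 31; // -1 (all ones) when i < length, else 0
  return i & mask;                 // i when in bounds, 0 otherwise
}

// Transient path with the mask applied: an out-of-range i collapses to
// index 0, so the speculative load only ever touches public data.
function transientReadMasked(i) {
  return memory[maskIndex(i, PUBLIC_LEN)];
}

// Full gadget shapes, before and after. Both give the same architectural
// result; they differ only in what the transient path can load.
function gadgetVulnerable(i) {
  if (i < PUBLIC_LEN) {
    const v = memory[i];
    return probe[v * 4096]; // cache footprint depends on v
  }
  return 0;
}

function gadgetHardened(i) {
  if (i < PUBLIC_LEN) {
    const v = memory[maskIndex(i, PUBLIC_LEN)]; // no branch added, just a mask
    return probe[v * 4096];
  }
  return 0;
}

// Which byte the transient path reaches for a given index, with and
// without the mask.
function leakedByte(i) {
  return { unmasked: transientRead(i), masked: transientReadMasked(i) };
}
```

Masking closes only the in-bounds array load itself: other speculation gadgets in JIT output need their own barriers, which is why this is one JIT-level mitigation among several rather than a complete fix.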
