V8 & Spectre
2019-04-24 16:19:00.157177+00 by Dan Lyke
V8: A year with Spectre: a V8 perspective.
On January 3, 2018, Google Project Zero and others disclosed the first three of a new class of vulnerabilities that affect CPUs that perform speculative execution, dubbed Spectre and Meltdown. Using the speculative execution mechanisms of CPUs, an attacker could temporarily bypass both implicit and explicit safety checks in code that prevent programs from reading unauthorized data in memory. While processor speculation was designed to be a microarchitectural detail, invisible at the architectural level, carefully crafted programs could read unauthorized information in speculation and disclose it through side channels such as the execution time of a program fragment.
And, of course, JavaScript could be used to mount an attack, so the V8 team started looking at mitigation techniques.