[German]Google published a proof of concept (PoC) this week on how the Specte vulnerability can be exploited via JavaScript in the Chrome browser. Hence, some information and a little gimmick on how to test it.
Advertising
The Spectre vulnerability
It was the security topic par excellence that kept us busy in May 2018. Researchers, among others from TU-Graz, had discovered mechanisms to execute attacks on actually protected memory areas in computers and read out information. This is based on the theoretical principles that are known as Meltdown and Spectre in various research documents (from the University of Graz, among others).
- Spectre (variants 1 and 2): This breaks the isolation between different applications. It allows an attacker to trick bug-free programs that follow best practices into revealing their data. In fact, best practices security checks actually increase the attack surface and can make applications more vulnerable to Spectre. This vulnerability exists on all CPUs, according to current knowledge.
- Meltdown (Variant 3): This breaks the basic isolation between user applications and the operating system. This attack allows a program to access the memory and thus also the data of other programs and the operating system. To the best of our knowledge, this vulnerability only exists on Intel CPUs.
The PDF documents concerned can be accessed via the links. Information can also be found at meltdownattack.com.
Google presents proof of concept
Google has published a proof of concept (PoC) as JavaScript code to demonstrate the practicality of using Spectre exploits. These can target from web pages via the web browser to access information from a browser's memory or system. Colleagues at Bleeping Computer described the details in this article.
A test in Google Chrome 88?
I just came across a website via Twitter where someone is exploiting the Spectre vulnerability in CPUs in JavaScript to demonstrate the attack. Didn't want to keep it from you – in case someone wants to test their system.
Advertising
All that is needed is a Google Chrome browser version 88 or higher (Edge should do as well) and JavaScript must be allowed. Just click on the image above to open this web page. Then you can switch between the demo pages at the bottom via prev and next and start a test. The run button can be found in the left column when scrolling down. Is however everything from the descriptions in English held – and on my system I could determine with short tests nothing meaningful from my CPU memory. The attempts with the memory accesses ended with an error – my Quad-Core-CPU is probably too old for such a crap and rejected it all ;-).
Advertising