[webkit-dev] Meltdown and Spectre attacks
Filip Pizlo
fpizlo at apple.com
Fri Jan 5 11:37:12 PST 2018
Here is what else is in trunk:
- index masking
- pointer poisoning
I’m going to write up what our thoughts are shortly. :-) For now feel free to browse the code with those two hints.
-Filip
> On Jan 5, 2018, at 8:31 AM, Konstantin Tokarev <annulen at yandex.ru> wrote:
>
>
>
>> Hi,
>>
>> Here's a collection of blog posts from other major browser vendors
>> regarding the Meltdown and Spectre attacks:
>>
>> https://blogs.windows.com/msedgedev/2018/01/03/speculative-execution-mitigations-microsoft-edge-internet-explorer/
>>
>> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
>>
>> https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca
>>
>> Notably, Edge and Firefox are reducing the resolution of
>> performance.now(), and all three are disabling SharedArrayBuffer.
>>
>> This is just a heads-up.
>
> Seems like both mitigations are already present in trunk
>
>>
>> Michael
>>
>> _______________________________________________
>> webkit-dev mailing list
>> webkit-dev at lists.webkit.org <mailto:webkit-dev at lists.webkit.org>
>> https://lists.webkit.org/mailman/listinfo/webkit-dev <https://lists.webkit.org/mailman/listinfo/webkit-dev>
> --
> Regards,
> Konstantin
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org <mailto:webkit-dev at lists.webkit.org>
> https://lists.webkit.org/mailman/listinfo/webkit-dev <https://lists.webkit.org/mailman/listinfo/webkit-dev>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20180105/7fc12276/attachment.html>
More information about the webkit-dev
mailing list