Google has released a proof-of-concept (PoC) that exploits the Spectre side-channel vulnerability against the browser's JavaScript engine to leak information from the browser's memory. Google published the PoC for web app developers to highlight the importance of deploying application-level mitigations to stay secure from such attacks.
What happened?
Two variants of the Spectre vulnerability were disclosed in 2018, and the current PoC code is associated with variant 1 (CVE-2017-5753).
The POC shows a JavaScript Spectre attack targeting Chrome 88's V8 JavaScript engine on an Intel Core i7-6500U 'Skylake' CPU on Linux.
The code can be tweaked for other CPUs, browser versions, and operating systems as well; with small modifications it also works on Apple's M1 Arm CPU. The attack leaks data at 1KB per second.
The main components of this PoC are a Spectre variant 1 gadget (code that starts the attacker-controlled transient execution) and a side channel (the observable side effects of that transient execution).
The variant 1 gadget can be stopped at the software level. However, the V8 team has found that mitigating Spectre variant 4 (Speculative Store Bypass) in software is infeasible.
Security prototype released
The Google security team has developed a tool called Spectroscope (not an official Google product), which can help web developers and engineers to protect their websites from threats such as Spectre.
Spectroscope can scan all the associated web apps to find application resources that are not protected or are exposed to other websites.
Such exposed resources can be exfiltrated by a malicious website that exploits CPU-level information leaks.
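As an added example that is not part of the article, Google's PoC, or Spectroscope: the application-level mitigations mentioned above boil down to keeping a site's responses out of any renderer process that also runs cross-site code. The snippet below shows a Fetch Metadata resource-isolation check (Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest) and the opt-in isolation headers a resource should carry, plus a simplified audit that flags responses lacking them, the kind of exposure a scanner like Spectroscope reports. The request objects are constructed samples, and the function names are this example's own.

```javascript
// Headers a site should send so its responses cannot be pulled into a
// cross-origin process where a Spectre gadget could read them.
function isolationHeaders() {
  return {
    'Cross-Origin-Resource-Policy': 'same-site',
    'Cross-Origin-Opener-Policy': 'same-origin',
    'X-Frame-Options': 'SAMEORIGIN',
    'Vary': 'Sec-Fetch-Site', // response depends on the request's site
  };
}

// Fetch Metadata resource-isolation policy: serve same-site and user/browser
// initiated requests, allow plain top-level navigations, and refuse every
// other cross-site request before any bytes leave the server.
function shouldServe(req) {
  const site = req.headers['sec-fetch-site'];
  // Missing header means an older browser; treat it as before (allowed).
  if (!site || site === 'same-origin' || site === 'same-site' || site === 'none') {
    return true;
  }
  const mode = req.headers['sec-fetch-mode'];
  const dest = req.headers['sec-fetch-dest'];
  const isNavigation = req.method === 'GET' && mode === 'navigate'
    && dest !== 'object' && dest !== 'embed';
  return isNavigation; // cross-site subresource/CORS loads are refused
}

// Simplified audit (not Spectroscope's logic): list which isolation headers
// a response lacks; a resource missing them is readable by other sites.
function missingIsolationHeaders(responseHeaders) {
  const present = new Set(Object.keys(responseHeaders).map((h) => h.toLowerCase()));
  return Object.keys(isolationHeaders())
    .filter((h) => h !== 'Vary' && !present.has(h.toLowerCase()));
}

// Constructed sample requests, not captured traffic.
const crossSiteFetch = { method: 'GET', headers: {
  'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty' } };
const crossSiteNav = { method: 'GET', headers: {
  'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'navigate', 'sec-fetch-dest': 'document' } };

console.log('cross-site fetch served?', shouldServe(crossSiteFetch));   // false
console.log('cross-site navigation served?', shouldServe(crossSiteNav)); // true
console.log('missing on bare response:', missingIsolationHeaders({ 'content-type': 'text/html' }));
```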
Conclusion
The side-channel attacks executed via this PoC prove that attackers can read any data that enters a process hosting the attackers' code. While operating systems and web browsers now ship with built-in protections, the design of existing web APIs still makes it possible to leak data, which calls for a new design framework altogether for better security.