The ghosts of the Meltdown and Spectre will haunt the computing industry for years to come. But now that the initial patching efforts for those CPU flaws are drawing to an end, Google and Microsoft have disclosed a related “speculative execution” attack dubbed Speculative Store Bypass, or simply Variant 4. (Meltdown and the two Spectre flaws were the first three variants.) Don’t panic though.
Let’s start with the bad news: Speculative Store Bypass affects Intel, AMD, and ARM chips, meaning mobile devices are also affected. But fortunately, Variant 4 attacks runtime languages in browsers like Chrome, Firefox, and Edge—just like one of the previous Spectre attacks. “Starting in January, most leading browser providers deployed mitigations for Variant 1 in their managed runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a web browser,” Intel’s Leslie Culbertson says. “These mitigations are also applicable to Variant 4 and available for consumers to use today.”
To read this article in full, please click here