Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 4 Jan 2018 10:18:08 -0500
From:      Eric McCorkle <eric@metricspace.net>
To:        =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@des.no>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Intel hardware bug
Message-ID:  <867801a5-be19-8f62-fa46-2999d54c0967@metricspace.net>
In-Reply-To: <86zi5tu1a2.fsf@desk.des.no>
References:  <19097.1515012519@segfault.tristatelogic.com> <02563ce4-437c-ab96-54bb-a8b591900ba0@FreeBSD.org> <7C58A6DB-0760-4E5A-B65D-2ED6A6B7AAD2@acsalaska.net> <867esy2vwz.fsf@desk.des.no> <0bb7ffc6-fa51-98db-9dc1-1bd49e1c7b44@metricspace.net> <86zi5tu1a2.fsf@desk.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 01/04/2018 09:49, Dag-Erling Smørgrav wrote:
> Eric McCorkle <eric@metricspace.net> writes:
>> Given enough skill, resources, and motivation, it's likely that an
>> attacker could craft a javascript-based version of the attack, then
>> every javascript website (aka all of them) is a potential attack vector.
> 
> Uh, this has already been demonstrated.  According to Google, Chrome 64
> (to be released in a few days) includes countermeasures against it.  I
> don't have any further details.

This does not surprise me at all.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?867801a5-be19-8f62-fa46-2999d54c0967>