On Fri, Jan 5, 2018 at 7:34 AM, Walter Dnes <waltd...@waltdnes.org> wrote: > > I wonder if it's possible to compile a web browser with protection > against the exploits, but turn it off for other apps. That would > protect against external attacks, while not hurting local app speed. >
There are three exploits, all requiring different solutions. Only exploit 3 has a solution which impacts speed. Trying to fix exploit 3 in the browser seems dubious. You'd need to detect code patterns that could be trying to trigger the exploit before they're run, because the CPU itself isn't going to provide any protection here. Exploit 3 is the only exploit that doesn't require some kind of underlying vulnerability in a piece of software that is being attacked (in addition to the CPU vulnerability). Exploits 1/2 do require fixes in the browser already, but those don't significantly impact performance. Those fixes are also still being worked on. -- Rich