More info at https://www.chromium.org/Home/chromium-security/ssca:
« Chrome's JavaScript engine, V8, will include mitigations starting
with Chrome 64, which will be released on or around January 23rd 2018.
Future Chrome releases will include additional mitigations and hardening
measures which will further reduce the impact of this class of attack.
Additionally, the SharedArrayBuffer feature is being disabled by
default. The mitigations may incur a performance penalty.
In line with other browsers, Chrome has disabled SharedArrayBuffer on
Chrome 63 starting on Jan 5th, and will modify the behavior of other
APIs such as performance.now, to help reduce the efficacy of speculative
side-channel attacks. This is intended as a temporary measure until
other mitigations are in place. »
I tested chromium 64.0.3282.39 against the Tencent tool, and it is reported as
NOT VULNERABLE.
There's a build of chromium 63.0.3239.132 currently going, I will test
it and report here as soon as it's completed.
** Changed in: chromium-browser (Ubuntu)
Status: New => Confirmed
** Changed in: chromium-browser (Ubuntu)
Importance: Undecided => High
** Changed in: chromium-browser (Ubuntu)
Assignee: (unassigned) => Olivier Tilloy (osomon)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1742740
Title:
Vulnerable to Spectre
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1742740/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
