Google engineers published a PoC exploit to demonstrate the effectiveness of using the Specter vulnerability in browsers to access information in memory.
This PoC exploit is reported to work with a wide range of architectures, operating systems, and hardware generations. It proves in practice that the protective mechanisms that developers have added to their browsers (for example, site isolation, Cross-Origin, Cross-Origin Read Blocking, and so on) do not actually work.
As a reminder, the original Specter issue (CVE-2017-5753) was discovered in 2018 along with the Meltdown bug. These fundamental flaws in the architecture of modern processors make it easy to break the isolation of the address space, read passwords, encryption keys, bank card numbers, arbitrary data of system and other user applications bypassing any security measures and on any OS.
Below you can see a video showing a successful Google exploit attack on an Intel i7-6500U-based machine running Ubuntu with Chrome 88 on board.
Google believes that developers should use new security mechanisms to protect against Specter and other cross-site attacks. In addition to standard protections such as X-Content-Type-Options and X-Frame-Options, Google recommends using:
- Cross-Origin Resource Policy (CORP) and Fetch Metadata Request Headers;
- Cross-Origin Opener Policy (COOP);
- Cross-Origin Embedder Policy (COEP).
In addition, Google engineers have created an extension for Chrome called Spectroscope, which should help information security professionals and developers to protect their sites from Specter. The extension scans web applications looking for resources where additional protections might be enabled.
Note that earlier this month, French cyber security specialist Julien Voisin discovered on VirusTotal “combat” exploits for the Specter vulnerability targeting Windows and Linux.