Back from Beyond: New Spook.js Spectre Attack Plagues Google Chrome
Posted by marketing on Tue, 21/09/2021 - 10:45
First revealing themselves in 2018, Spectre-style attacks have been quietly exploiting security flaws in Chromium-based browsers (Google Chrome, Microsoft Edge, and Brave) to gain access to private and confidential information. Much like its counterpart, Meltdown, the Spectre vulnerability utilises a flaw in CPU optimization to breach security mechanisms and access a devices memory space - allowing hackers to obtain information all over the internet.
Although protections have already been implemented after the initial discovery of the Spectre vulnerability in 2018, the researchers stated that the existence of Spook.js “shows that these countermeasures are insufficient in order to protect users from browser-based speculative execution attacks”.
The researchers have since shared their findings with Google and the Chrome Security Team who extended site isolation so that "extensions can no longer share processes with each other", this update has been implemented in Chrome versions 92 onwards. However despite this upgrade, the invisible nature of Spectre attacks perfectly encapsulates the ever-changing landscape of internet security – it likely won’t be long before another exploit is located.