That will make the attacks both much harder and less efficient. In today’s Opera 50 update we have a fix that blunts the main tool for the attack: The very high precision timer you get with performance.now().Īfter the change, performance.now() has a precision of 100μs and additionally it has received a small amount of randomness in it. That way you can deduce what the value of that secret memory is. ![]() The information leak happens because certain machinecode takes different amounts of time to execute depending on the value of otherwise secret memory. Fully addressing these flaws is something that will take a long time, potentially requiring redesigned hardware, but as a browser vendor we have a duty to protect our users despite the circumstances so we are not waiting. ![]() In recent weeks a lot has been written about the security flaws in modern processors codenamed “Meltdown” and “Spectre”. We also repaired bugs in Windows installer. Today we are updating the Stable channel with some important security fixes.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |