Google Chrome to Get Meltdown and Spectre Patches on January 23
#1
http://news.softpedia.com/news/google-ch...9245.shtml
Google Chrome to Get Meltdown and Spectre Patches on January 23

A method to remain protected already exists though
Jan 5, 2018 10:53 GMT  ·  By Bogdan Popa   
Microsoft has already shipped updates to keep Edge users protected against the recently discovered CPU flaws and Mozilla did the same thing with the release of Firefox 57.0.4 only a few hours ago.

Google, on the other hand, which ironically is the company that discovered the said Meltdown and Spectre vulnerabilities, won’t deliver patches for Chrome browser until January 23 when version 64 is expected to ship.

“Chrome's JavaScript engine, V8, will include mitigations starting with Chrome 64, which will be released on or around January 23rd 2018. Future Chrome releases will include additional mitigations and hardening measures which will further reduce the impact of this class of attack,” Google says.

Just like Microsoft and Mozilla, Google Chrome 64 will disable SharedArrayBuffer by default and modify the behavior of performance.now() by reducing precision from 5µs to 20µs in order to block exploits attempting to take advantage of the security vulnerabilities.

Google acknowledges that “a performance penalty” might be experienced after making these changes, but says that they’re both only temporary until other mitigations are developed and the current functionality of the browser can be restored.

How to stay protected until Chrome 64 lands
In the post on the Chromium project site, Google explains that users can already remain protected against the two security bugs if they enable Site Isolation, an experimental feature which by default comes turned off in the stable versions of Chrome browser.

To enable Site Isolation, users only have to type chrome://flags#enable-site-per-process in the current stable version of Chrome browser and click Enable on the button next to the highlighted option. By default, this option creates a dedicated process for absolutely all websites, thus preventing them from sharing data with other sites and thus preventing attackers from stealing data.

With no other parameters configured, this feature isolates all sites, but you can also configure it only for specific websites using the following commands:


For just one site:
--isolate-origins=https://example.com
For multiple sites (notice the comma):
--isolate-origins=https://example.com,https://example2.com
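Added example, not part of the original post or of Google's code: a JavaScript check for the two Chrome 64 mitigations the article describes, estimating the effective granularity of performance.now() and reporting whether SharedArrayBuffer is exposed. All function names are hypothetical, the 20 µs threshold is the figure quoted in the article, and the quantized clock is a constructed stand-in for a coarsened timer.

```javascript
// Smallest positive step seen between consecutive clock readings, in µs.
// `now` is any function returning milliseconds, like performance.now().
// Returns null when the clock never advanced during the sampling window.
function estimateResolutionUs(now, samples = 20000) {
  let minDeltaMs = Infinity;
  let prev = now();
  for (let i = 0; i < samples; i++) {
    const cur = now();
    const delta = cur - prev;
    if (delta > 0 && delta < minDeltaMs) minDeltaMs = delta;
    prev = cur;
  }
  // Round to 0.001 µs to absorb floating-point noise from the subtraction.
  return Number.isFinite(minDeltaMs) ? Math.round(minDeltaMs * 1e6) / 1e3 : null;
}

// Figure from the article: Chrome 64 coarsens performance.now() to 20 µs.
const COARSE_TIMER_US = 20;

// Combine both observations into one report object.
function assessTimerMitigations({ now, sharedArrayBufferExposed }) {
  const resolutionUs = estimateResolutionUs(now);
  const timerCoarsened = resolutionUs !== null && resolutionUs >= COARSE_TIMER_US;
  return {
    resolutionUs,
    timerCoarsened,
    sharedArrayBufferExposed,
    bothMitigationsActive: timerCoarsened && !sharedArrayBufferExposed,
  };
}

// Constructed test clock: time advances 1 µs per call, but readings are
// clamped down to multiples of `stepUs`, as a coarsened timer reports them.
function makeQuantizedClock(stepUs) {
  let tUs = 0;
  return () => {
    tUs += 1;
    return (Math.floor(tUs / stepUs) * stepUs) / 1000;
  };
}

// Assess the runtime this script is loaded in (a browser page or Node.js).
function assessCurrentRuntime() {
  return assessTimerMitigations({
    now: () => performance.now(),
    sharedArrayBufferExposed: typeof SharedArrayBuffer !== "undefined",
  });
}
```

Calling assessCurrentRuntime() from the developer console reports the values for the browser in use; a null resolutionUs means no clock tick was observed and the result is undetermined.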