Google releases proof of concept of CPU vulnerability 'Specter' and extension 'Spectroscope' to search for vulnerable endpoints
Google has released a
Google Online Security Blog: A Specter proof-of-concept for a Specter-proof web
https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html
Google emits data-leaking proof-of-concept Specter exploit for Intel CPUs to really get everyone's attention • The Register
The code is published on GitHub. When run on Chrome 88, it can show that an attacker can retrieve data from memory at a speed of 1KB per second.
security-research-pocs / specter.js at master · google / security-research-pocs · GitHub
https://github.com/google/security-research-pocs/tree/master/spectre.js
A demonstration site is also available. Please note that this demo only shows the reproducibility of the web-based 'Specter', and it is prefaced that it is not a test to confirm whether the terminal on which the demo was run is affected by the vulnerability.
Specter
https://leaky.page/
You can see how the demo is running in the following movie.
Specter JS Demo --YouTube
In addition, Google has released an extension 'Spectroscope' for security engineers and web developers to search for potentially vulnerable endpoints. In addition, this extension is just a prototype, not an official Google extension.
Spectroscope --Chrome Web Store
https://chrome.google.com/webstore/detail/spectroscope/idppnaadbabknjeaifkegolcciafchpp
Related Posts:
in Note, Software, Web Service, Posted by logc_nt