Google releases proof of concept of CPU vulnerability 'Specter' and extension 'Spectroscope' to search for vulnerable endpoints



Google has released a

proof of concept (PoC) that can actually retrieve information from the memory of the browser to see how much the impact of the CPU vulnerability 'Specter' discovered in 2018 is.

Google Online Security Blog: A Specter proof-of-concept for a Specter-proof web
https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html



Google emits data-leaking proof-of-concept Specter exploit for Intel CPUs to really get everyone's attention • The Register

https://www.theregister.com/2021/03/12/google_spectre_code/

The code is published on GitHub. When run on Chrome 88, it can show that an attacker can retrieve data from memory at a speed of 1KB per second.

security-research-pocs / specter.js at master · google / security-research-pocs · GitHub
https://github.com/google/security-research-pocs/tree/master/spectre.js

A demonstration site is also available. Please note that this demo only shows the reproducibility of the web-based 'Specter', and it is prefaced that it is not a test to confirm whether the terminal on which the demo was run is affected by the vulnerability.

Specter
https://leaky.page/

You can see how the demo is running in the following movie.

Specter JS Demo --YouTube


In addition, Google has released an extension 'Spectroscope' for security engineers and web developers to search for potentially vulnerable endpoints. In addition, this extension is just a prototype, not an official Google extension.

Spectroscope --Chrome Web Store
https://chrome.google.com/webstore/detail/spectroscope/idppnaadbabknjeaifkegolcciafchpp



in Note,   Software,   Web Service, Posted by logc_nt