If I got the timeline right, Spectre was known before Shared Array Buffer was launched broadly in stable releases/auto-updates for web so that particularly bad vector could've been prevented. I understand the difficulties of disclosure but it seems like something broke down here.
-
-
I was shocked that this bug was exploitable via JS. Seemed too high level. Didn't know about SharedArrayBuffer. Is JS an attack vector for this vulnerability if SharedArrayBuffer did not exist?
-
It requires some source of high resolution timing. http://performance.now () would be enough.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.