Web browser mitigations against CPU vulnerabilities

How good are current browser mitigations against CPU vulnerabilities such as Spectre?

If I have an unmitigated system, will the web browser still be effective in keeping me protected against the exfiltration of random system memory contents?

AFAIK there are no specific mitigations against hardware vulnerabilities in a web browser. You have to rely on general techniques like tab sandboxing.

Yeah, which supposedly mitigates these vulns at least to an extent (source). I’m wondering how good/bad it is.

And there are some mitigations built into Firefox at least (here), but this post is from 2018.

It is good against a specific variant of Spectre. There are some variants of Spectre which can only be patched in microcode.

There is zero real-world evidence of Spectre being used to steal data from web browsers.

I would be more worried about pretty much all other 0days/vulnerabilities. Spectre/Meltdown typically requires something like admin/physical access to a machine to execute. It’s more of a problem with shared computers like VMs in the cloud where multiple customers have root access at some level, and less of a problem for personal computers. If you are still concerned the answer is to buy a system which mitigates the vulnerabilities.

I see. That’s good to hear. Thanks.

I’m booting the system with mitigations=off temporarily because I gain 15 fps in some video games. Was wondering how much exposure would actually be a significant threat to the security of my system while in this “untrusted mode”. Things to avoid, etc. Casual web browsing should probably be fine, then.

Disabling the JIT and WASM, as well as the timing mitigations offered by e.g. Firefox’s resistFingerprinting, can mitigate such speculative attacks.

It should be noted that Linux does NOT mitigate Spectre v2 for userspace-userspace interactions by default.
You must boot with spectre_v2=on.

Please do not do this.

Please elaborate. What risks am I exposing myself to?

The plan is to not load any sensitive data into memory (no unlocking password manager database etc). Workflow here is: Boot the (sandboxed) game, look up guides online, browse random websites, view youtube videos, reboot when done. I do disable JIT and WASM already, and JS is blocked by default by uBO. I even made a waybar module to scream at me that the CPU mitigations are off so that I don’t forget. The 10-15 FPS gain makes games that are otherwise unplayable, playable… My CPU is 10 years old.
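
An added example, not written by any poster in this thread: a POSIX shell check that reads the per-issue status files Linux exposes under /sys/devices/system/cpu/vulnerabilities together with the `mitigations=` boot parameter, and prints a one-line warning of the kind a status-bar module could display. The function names are hypothetical and the sample status files are constructed.

```shell
#!/bin/sh
# Added example: report CPU issues the running Linux kernel lists as unmitigated.

# Print the effective mitigations= value from a kernel command line string.
# "auto" is the kernel default when absent; the last occurrence is used here.
mitigations_param() {
    val=auto
    for arg in $1; do
        case $arg in
            mitigations=*) val=${arg#mitigations=} ;;
        esac
    done
    printf '%s\n' "$val"
}

# Print each entry in directory $1 whose status starts with "Vulnerable".
list_vulnerable() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        status=
        read -r status < "$f" || true
        case $status in
            Vulnerable*) printf '%s\n' "${f##*/}" ;;
        esac
    done
}

# One-line status-bar summary. $1 = vulnerabilities dir, $2 = kernel cmdline.
mitigation_summary() {
    n=$(list_vulnerable "$1" | wc -l | tr -d ' ')
    m=$(mitigations_param "$2")
    if [ "$m" = off ] || [ "$n" -gt 0 ]; then
        printf 'WARNING: %s unmitigated CPU issue(s), mitigations=%s\n' "$n" "$m"
    else
        printf 'OK: no CPU issue reported as vulnerable\n'
    fi
}

# Constructed sample data for a hypothetical host booted with mitigations=off.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'Vulnerable\n' > "$d/meltdown"
    printf 'Vulnerable, IBPB: disabled, STIBP: disabled\n' > "$d/spectre_v2"
    printf 'Mitigation: PTE Inversion\n' > "$d/l1tf"
    printf 'Not affected\n' > "$d/srbds"
    printf '%s\n' "$d"
}
```

On a real system, call `mitigation_summary /sys/devices/system/cpu/vulnerabilities "$(cat /proc/cmdline)"`.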