Find Out if your Browser is Vulnerable to Spectre Attacks


zoran

Web browsers are the main target for attacks targeting the recently disclosed Spectre vulnerability. For home systems, one could argue that web browsers are the major attack vector. Why? Because browsers connect to remote sites, and these sites may run JavaScript to exploit the vulnerability.

 

Some browser makers pushed out patches fast. Mozilla and Microsoft did, for instance, whereas Google and the whole Chromium-based group of browsers are not patched yet.

 

There are ways to mitigate the issue in Chrome and other Chromium-based browsers such as Opera or Vivaldi. To mitigate known attack forms, users or admins have to enable strict site isolation in the web browser to do so.

 

While you can check whether your Windows operating system is vulnerable, you could not check whether your web browser is patched or vulnerable up until now.

Web Browser Spectre Check


 

This uncertainty is a thing of the past however as Tencent’s XUANWU Lab released an online tester that checks whether web browsers are vulnerable to Spectre.

Visit the Lab’s website to get started. You find a “click to check” button at the top that you need to activate to run the test.

It does not take long to test browsers. Some checks complete almost right away while others take longer to complete and involve cache processing.


Here is a quick list of tested browsers and their vulnerability status (always assume the latest version):

  • Firefox — not vulnerable
  • Firefox ESR — not vulnerable
  • Internet Explorer 11 — not vulnerable
  • Microsoft Edge — not vulnerable
  • Pale Moon — not vulnerable
  • Waterfox — not vulnerable
  • Chromium (latest) — not vulnerable
  • Google Chrome Canary — not vulnerable
  • Google Chrome Stable — vulnerable*
  • Opera Stable — vulnerable*
  • Vivaldi Stable — vulnerable*

*not vulnerable if you enable strict site isolation in the web browser.

Tencent’s security team notes that a result of vulnerable means that Spectre-based attacks will work in the browser. A status of not vulnerable, however, does not necessarily mean that the browser is adequately protected. It is protected against a known attack, but it is possible that unknown attack methods may exist that can exploit the issue still.

Closing Words

While there is still a bit of uncertainty left after your browser tested as not vulnerable in the test, it is still reassuring that known attacks can’t exploit the vulnerability. A good defense against potential attacks is the disabling of JavaScript or scripts in general. This makes the web less usable, however.

 

Now You: Is your browser vulnerable?

steven36

Chromium stable they use on Linux is vulnerable as well; it won't get updated till Google Chrome does next week. I use Waterfox mostly so I'm good. Slimjet is vulnerable and it will be till they upgrade to the version 64 code base. Any Chromium-based browser using v63 and lower is vulnerable.

 

Some help here on how to mitigate it till they update:

 

A Clear Guide to Meltdown and Spectre Patches

https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help

Increase security with site isolation

https://support.google.com/chrome/answer/7623121?hl=en-GB

 

0bin

chrome://flags/#enable-site-per-process and click "enable" on "Strict site isolation."

 

 

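For admins, the strict site isolation setting discussed in this thread can be enforced through Chrome's `SitePerProcess` managed policy instead of the per-user flag. The audit script below is an added example, not part of any post above; it assumes the default Linux managed-policy directories, and `site_isolation_status` is a hypothetical helper name.

```python
import json
from pathlib import Path

# Managed-policy directories on Linux (assumed default install locations).
POLICY_DIRS = {
    "Google Chrome": Path("/etc/opt/chrome/policies/managed"),
    "Chromium": Path("/etc/chromium/policies/managed"),
}
POLICY = "SitePerProcess"  # boolean policy that turns on strict site isolation


def site_isolation_status(policy_dir):
    """Classify one policy directory: enforced, disabled, conflict, unset or error."""
    policy_dir = Path(policy_dir)
    if not policy_dir.is_dir():
        return "unset", "no managed policy directory"
    settings = {}  # file name -> value that file assigns to the policy
    for path in sorted(policy_dir.glob("*.json")):
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            # A file that cannot be read or parsed hides what is really applied.
            return "error", f"{path.name}: {exc}"
        if isinstance(data, dict) and POLICY in data:
            settings[path.name] = data[POLICY]
    if not settings:
        return "unset", f"{POLICY} not set in any file"
    detail = ", ".join(f"{name}={value!r}" for name, value in settings.items())
    enabled = [value is True for value in settings.values()]
    if all(enabled):
        return "enforced", detail
    if any(enabled):
        # Files disagree; no precedence is assumed, so report it for review.
        return "conflict", detail
    return "disabled", detail


if __name__ == "__main__":
    for browser, directory in POLICY_DIRS.items():
        status, detail = site_isolation_status(directory)
        print(f"{browser}: {status} ({detail})")
```

Anything other than "enforced" means the browser on that machine relies on each user having turned the flag on themselves.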
Reefa

OP you have to include a source link...

Quote

Any content copied from elsewhere should include a source link. guidelines

 

Karlston

Another system checker here... InSpectre (by Steve Gibson)

 

Woody's intro for this utility... Scan for Meltdown and Spectre with Steve Gibson’s new “InSpectre” utility

BioHazard

looks like I'm good :mellow:

Vdogeek

Thanks for the good info guys/gals....I'll check mine at home tonight :)
