Chrome Patch for Meltdown and Spectre not until January 23

According to Google’s support page, it will be over two weeks until the next version of Chrome (which includes mitigations to protect against Meltdown and Spectre) is released. For the time being, users may enable “Site Mitigation,” an experimental feature that makes it harder for untrusted websites to access or steal from information. Mozilla has already updated Firefox (57.0.4) with Meltdown and Spectre patches.

Chrome

There are certain complications trying to soft patch a hardware flaw whilst Microsoft/Intel/Motherboard vendors are working on their own solutions internally. Chrome releasing a “fix” is just meant as a band-aid until the real fix comes, which is technically never since the CPU’s need to be redesigned themselves.

Site Isolation

Strict Site Isolation feature is only a workaround till the real patches are rolling out, some earlier tries to patch the flaws resulted with some problems. Such patches usually taking some time until get really getting fixed without any negative consequences for all.

A Proof of Concept (PoC) source code can be found here it demonstrate how to steal passwords under Chrome.

Advertisements

Comments are closed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: