Speculative Store Bypass: spectre for browsers, the nightmare isn’t over yet

by mark · Published 23 May 2018 · Updated 23 May 2018

Earlier in January 2018 two huge vulnerabilities dubbed “Meltdown” and “Spectre” were discovered in Intel processors up to two decades old. The hardware vulnerabilities were so impacting that the patches rolled out to fix them would sensibly slow down processing speeds. If you thought that was the end of it, be prepared for the new Spectre-based vulnerability: Speculative Store Bypass.

Speculative Store Bypass for everyone

The video pretty much explains everything there is to know about this latest hardware-related bug. What’s worse is that Speculative Store Bypass also known as “Variant 4” is exploitable to steal sensitive information through JavaScript, hence the browser are target-able. Although not as serious as Meltdown or Spectre, the newest bug shouldn’t be underestimated just because it lacks a fancy name.

The performance degradation of the soon-to-be-available patch is estimated to be between 2% and 8%. That of course is added to the Meltdown and Spectre patches, provided you have installed them on your machine. The good news is that Meltdown and Spectre patches applied to browsers potentially make it really hard to exploit Speculative Store Bypass.

How about Rogue System Register Read (Variant 3a)?

Another vulnerability known as Rogue System Register Read was discovered alongside Variant 4. This vulnerability, known as Variant 3a, isn’t as dangerous as its bigger sister since it would require the attacker to have local access to the machine.

Stay up to date:

The advice, as always, is to keep software updated as much as possible. Patches for this new vulnerability aren’t yet available as of the time of writing this article, however you can find a list containing announcements and useful information regarding the vulnerability below.

CVE-2018-3639 – Speculative Store Bypass
CVE-2018-3640 – Rogue System Register Read (also known as Variant 3a)
Intel Security Advisory 00115
AMD Security Updates
ARM Security Updates
Red Hat Security Update
Red Hat – Speculative Store Bypass explained
Microsoft Security Advisory
Canonical Spectre and Meltdown dedicated page
SuSE Security Advisory
HP Security Bulletin
HPE Product Security Vulnerability List
Microsoft – Analysis and mitigation of speculative store bypass

Image courtesy of Red Hat

Author
Recent Posts

mark

The IT guy with a slight look of boredom in his eyes. Freelancer. Current interests: Kubernetes, Tensorflow, shiny new things.

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_60468161_1	past	Set by Google to distinguish users.
_ga_DR9SCJ09BV	2 years	This cookie is installed by Google Analytics.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.

Cookie	Duration	Description
edgebucket	session	Reddit sets this cookie to save the information about a log-on Reddit user, for the purpose of advertisement recommendations and updating the content.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	14 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
csv	2 years	No description available.
GoogleAdServingTest	session	No description
wp_api	past	No description
wp_api_sec	past	No description
_pk_id.1.95fa	1 year 27 days	No description
_pk_ses.1.95fa	29 minutes	No description
__smSessionId	9 hours	No description available.
__smToken	1 year	This cookie is set by the Sumo. This cookie is used for verifying whether the user is logged in or not.

You may also like...

Leave a ReplyCancel reply

Recent Posts

Recent Comments

Categories

Latest tutorials

Speculative Store Bypass: spectre for browsers, the nightmare isn’t over yet

Speculative Store Bypass for everyone

How about Rogue System Register Read (Variant 3a)?

Stay up to date:

Related posts:

You may also like...

Rook: storage orchestration for Kubernetes

OpenStack use cases and tips

Linux Mint 19 new features, now with Timeshift!

Leave a ReplyCancel reply

Recent Posts

Recent Comments

Categories

Latest tutorials