After the disclosure of the 2018 Spectre family of vulnerabilities in modern microprocessor chips, hardware vendor and operating system makers scrambled to reduce the impact of data-leaking side-channel attacks designed to exploit the way chips try to predict future instructions.
Intel and others rolled out firmware patches, Linux kernel maintainers added capabilities like STIBP (Single Thread Indirect Branch Predictors), and browser makers took steps like reducing the precision of timers.
Now web security professionals are asking developers to do their part by recognizing that Spectre broke the old threat model and by writing code that reflects the new one.
Intel CPU interconnects can be exploited by malware to leak encryption keys and other info, academic study finds
google engineer urges secure their spilling spectre haunted world
