This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 973
Brave reports as vulnerable to spectre on test site #12570
Labels
Milestone
Comments
cc: @diracdeltas |
Thanks for the confirmation @g33xter |
Strict Site isolation only mitigates against Spectre by enhancing separation between iframes and the parent context. It does not prevent Spectre if the parent context is trying to use the attack against you. According to @jumde, we will need to disable SharedArrayBuffer in order to appear as "not vulnerable" according to this test. |
diracdeltas
changed the title
Strict Site Isolation not working
Brave reports as vulnerable to spectre on test site
Jan 9, 2018
diracdeltas
added a commit
that referenced
this issue
Jan 9, 2018
Fix #12570 Test Plan: 1. Enable 'Strict Site Isolation' in about:preferences#security, then restart 2. Go to http://xlab.tencent.com/special/spectre/spectre_check.html 3. Click the button to check your browser. It should report as not vulnerable.
10 tasks
This was referenced Jan 11, 2018
@diracdeltas thanks for clarifying. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
Test plan
#12577 (comment)
I'm using Brave 0.19.131 & checked the new security feature which is related to Spectre & Meltdown vulnerability. So, I tried using this http://xlab.tencent.com/special/spectre/spectre_check.html, it's saying it's vulnerable for Spectre. Check the Screenshot. I'm using macOS Sierra.
The text was updated successfully, but these errors were encountered: