In response to reports regarding Forcepoint findings that WebAssembly (or WA or Wasm) changes may make Meltdown & Spectre browser patches ineffective, Virsec offers perspective.
Satya Gupta, CTO and Co-founder at Virsec:
“This latest issue demonstrates that the fundamental chip flaws that have allowed Meltdown & Spectre cannot be fully patched externally – at the browser level. In this case, WebAssembly programming tools can leverage the performance gains – and security vulnerabilities – of chip-level speculative execution, even if the browser has been patched to prevent it. Ultimately, Meltdown & Spectre can only be solved at the process memory level.”