WebAssembly Changes May Make Meltdown & Spectre Browser Patches Useless

In response to reports regarding Forcepoint findings that WebAssembly (or WA or Wasm) changes may make Meltdown & Spectre browser patches ineffective, Virsec offers perspective.

Satya Gupta, CTO and Co-founder at Virsec:

“This latest issue demonstrates that the fundamental chip flaws that have allowed Meltdown & Spectre cannot be fully patched externally – at the browser level. In this case, WebAssembly programming tools can leverage the performance gains – and security vulnerabilities – of chip-level speculative execution, even if the browser has been patched to prevent it. Ultimately, Meltdown & Spectre can only be solved at the process memory level.”

Experts Comments

Stay Tuned! Our Information Security Experts Community is responding .....

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.