WebAssembly Changes May Make Meltdown & Spectre Browser Patches Useless

In response to reports regarding Forcepoint findings that WebAssembly (or WA or Wasm) changes may make Meltdown & Spectre browser patches ineffective, Virsec offers perspective.

Satya Gupta, CTO and Co-founder at Virsec:

“This latest issue demonstrates that the fundamental chip flaws that have allowed Meltdown & Spectre cannot be fully patched externally – at the browser level. In this case, WebAssembly programming tools can leverage the performance gains – and security vulnerabilities – of chip-level speculative execution, even if the browser has been patched to prevent it. Ultimately, Meltdown & Spectre can only be solved at the process memory level.”

Subscribe
Notify of
guest

0 Expert Comments
Inline Feedbacks
View all comments
Information Security Buzz
0
Would love your thoughts, please comment.x
()
x