WebAssembly Changes May Make Meltdown & Spectre Browser Patches Useless

By   ISBuzz Team
Writer , Information Security Buzz | Jun 26, 2018 01:30 pm PST

In response to reports regarding Forcepoint findings that WebAssembly (or WA or Wasm) changes may make Meltdown & Spectre browser patches ineffective, Virsec offers perspective.

Satya Gupta, CTO and Co-founder at Virsec:

“This latest issue demonstrates that the fundamental chip flaws that have allowed Meltdown & Spectre cannot be fully patched externally – at the browser level. In this case, WebAssembly programming tools can leverage the performance gains – and security vulnerabilities – of chip-level speculative execution, even if the browser has been patched to prevent it. Ultimately, Meltdown & Spectre can only be solved at the process memory level.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x