The bug allows attackers to swipe data from a CPU’s registers. […] the exploit doesn’t require physical hardware access and can be triggered by loading JavaScript on a malicious website.
The bug allows attackers to swipe data from a CPU’s registers. […] the exploit doesn’t require physical hardware access and can be triggered by loading JavaScript on a malicious website.
I mean, this was disclosed to AMD a few months back and there actually is a patch available currently for Epyc CPUs.
It’d be nice if they waited until all the patches were out, but I’d rather this than a full zero-day exploit of this scale in the wild.
Removed by mod
This kind of shit is exactly why I use uMatrix as well as uBlock Origin. It allows me to monitor and control 3rd party scripts and allow only what’s needed for a website. If a malicious 3rd party script does happen to get injected into things; I usually notice…especially if it actually breaks shit on the website by not loading it.