Spectre - what to do

Every day solutions to every day challenges. + Brilliant stuff

Moderators: b1o, jkerr82508

Forum rules
Please feel free to post your tip it does not have to be advanced. Also ask questions directly related to the tip here. But do not start new threads with questions or ask for help here. That is what the help section is for. forum rules: http://bjoernvold.com/forum/viewtopic.php?f=8&t=568
Post Reply
User avatar
viking60
Über-Berserk
Posts: 9351
Joined: 14 Mar 2010, 16:34

Spectre - what to do

Postby viking60 » 21 Jan 2018, 15:02

Most distros have implemented a patch for Meltdown as a result of the Intel CPU flaw.

But Spectre remains and it can be used to read all your passwords with a simple Javascript on any Webpage.

This means that you definitely will need to "harden" your Browser against Spectre

This is how you do it on Chrome based browsers Like:
    Chrome
    Chromium
    Iridium (Occasionally fails test even if in Firejail with correct settings)
    Opera
    Vivaldi
Paste this in your URL bar

Code: Select all

chrome://flags/#enable-site-per-process

And enable Strict site isolation
:A
Image

Firefox will be patched with a regular update
FF version 57.04 is patched - you can check your FF version under "Help" and "About"

In the Brave browser you can enable site isolation in The regular settings under "security".

Microsoft's Edge and IE will be patched through regular Windows updates.
Apple's Safari will be patched through regular security updates.

After changing the settings; remember to close you browser and restart it (a few times couldn't hurt).

In addition you can put your Browser in a Firejail.

Firejail alone will keep your browser from leaking according to my tests. Most of my browsers were already in Firejail (edited in the menu) so I haven't been that vulnerable to Spectre to begin with 8-)
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
Top
User avatar
viking60
Über-Berserk
Posts: 9351
Joined: 14 Mar 2010, 16:34

Re: Spectre - what to do

Postby viking60 » 21 Jan 2018, 15:45

Feel free to post fixes for other browsers....
To test that your fixes were successful; you can check it out on this site:
:A
http://xlab.tencent.com/special/spectre ... check.html

If the result is that you are Vulnerable then you definitely are +1

Image

If the result is negative - you still might be; but hey it is as good as it gets.

....and make no mistake - if you do not implement the fixes above then you will be vulnerable!
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"
Top
Post Reply

Return to “Tips & Tricks”