React, etc. Tech Stack

React, Flux, GraphQL, Hack, HHVM...? All of this and more!

JavaScript Spectre/Meltdown Vulnerability Check for Browsers

The serious flaws in CPUs made web applications written in JavaScript vulnerable to vicious attacks. With attackers being able to freely read memory using the speculative execution exploit, it is difficult to protect from these attacks as they can be deployed from the browser.

Operating System and Browser Vendors are already busy patching the issues. These are being widely deployed since the news of the Meltdown and JavaScript vulnerabilities broke. The Spectre attack was also something that would be possible to exploit with JavaScript, demonstrated in a vulnerable JavaScript code snippet.

Still while there are resources and Meltdown/Spectre FAQs to monitor progress of patches on personal computers and smartphones, using a shared public computer and it's browser is a risk. Using incognito or private mode in browsers will not protect from this threat.

To verify the security of a shared computer or smartphone users can run an online check for vulnerability. With China having a huge user base, the Chinese company Tencent has provided an online tool to check whether your browser is vulnerable.

The checker is in active development, but you can see the tool below and check if the browser you are using is suspect to the attackers exploiting the Spectre attack:

If the console returns the following, then you are at risk:

$ Check finished
$ Your browser is VULNERABLE to Spectre
$ Please update your browser immediately

Note that this check can only verify your browser, so on a patched Operating System this might return false results. But if you are looking at this from something like  Windows XP computer, then it is definitely not recommended to do online banking. Safe browsing!

Written by Jorgé on Monday January 15, 2018

Permalink -

« Dynamic JavaScript Module imports with TypeScript - GraphCMS is an Open Source alternative to Contentful »