• Login
    • Search
    • Categories
    • Recent
    • Tags
    • Users
    • Groups
    • Rules
    • Help

    Do more on the web, with a fast and secure browser!

    Download Opera browser with:

    • built-in ad blocker
    • battery saver
    • free VPN
    Download Opera

    Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability

    Opera for Windows
    6
    35
    10771
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • donq
      donq @anastasia-mx last edited by donq

      @anastasia-mx
      What offline scanner says? https://www.grc.com/inspectre.htm

      For my PC/OS it says so, thereby Opera reporting same is no wonder:

      spme.png

      There are more tools listed: https://www.neowin.net/forum/topic/1353430-inspectre-grccom-spectre-meltdown-testing-tool/

      Reply Quote 0
        1 Reply Last reply
      • burnout426
        burnout426 Volunteer last edited by burnout426

        For me, with 2nd-gen Intel Core i5, https://xlab.tencent.com/special/spectre/spectre_check.html says I'm vulnerable to Spectre in all browsers except Firefox. All the other browsers I tested are Chromium-based. I tested in Opera 67 and 66 too. They show the same thing.

        With https://www.grc.com/inspectre.htm, it says I'm protected for both Meltdown and Spectre. It says a microcode update is available. Performance is "Slower" due to the workarounds.

        I'm on Windows 10 OS Version 1909 (Build 18363.836).

        Reply Quote 0
          1 Reply Last reply
        • andrew84
          andrew84 last edited by andrew84

          O58 - 58.0.3135.132 (I don't see 'processing cache' for some reason)
          2020-05-15_200416.png

          68.0.3618.104
          random result (when I click 'recheck'), sometimes it checks only few caches (8, 16, 32), sometimes checks all caches until 128. When it includes all caches including 128 it shows NOT vulnerable. if less caches were checked, then it shows vulnerable. Win 8.1 3rd gen core i3.
          2020-05-15_201202.png
          2020-05-15_201223.png

          Reply Quote 0
            A Former User 1 Reply Last reply
          • leocg
            leocg Moderator Volunteer @anastasia-mx last edited by

            @anastasia-mx What about other Chromium based browsers?

            Reply Quote 0
              1 Reply Last reply
            • andrew84
              andrew84 last edited by andrew84

              I have the same in latest MS Edge build (Canary), if 128 cache was scanned, then all is fine.
              2020-05-15_204745.png

              Reply Quote 0
                1 Reply Last reply
              • anastasia-mx
                anastasia-mx @leocg last edited by

                @leocg said in & Spectre the last Opera 68.0.3618.104 vulnerability:

                Did you check with a clean profile?

                if you delete all the settings, it will be very bad and I will need to configure a lot from the beginning

                @donq said in & Spectre the last Opera 68.0.3618.104 vulnerability:

                What offline scanner says? https://www.grc.com/inspectre.htm

                Meltdown & Spectre - NO!, NO! updates strongly slow down the system, I do not want to put them, I have hope for the browser itself.

                @leocg said in & Spectre the last Opera 68.0.3618.104 vulnerability:

                What about other Chromium based browsers?

                not used by others Chromium based browsers. I only use Mozilla - everything is fine in it, there is no vulnerability.

                any other sites to check for vulnerabilities?

                Reply Quote 0
                  leocg 2 Replies Last reply
                • leocg
                  leocg Moderator Volunteer @anastasia-mx last edited by

                  @anastasia-mx Since Opera is a Chromium based browser, you need to also check with other Chromium based browsers to have a valid comparasion.

                  Reply Quote 0
                    1 Reply Last reply
                  • leocg
                    leocg Moderator Volunteer @anastasia-mx last edited by

                    @anastasia-mx A clean profile would help checking if the problem is not being caused by a broken profile.

                    Reply Quote 0
                      1 Reply Last reply
                    • donq
                      donq last edited by

                      IIRC at least some (theoretical) browser attacks were based on precision timing in javascript and mitigation was done by randomizing JS timing errors - all such behavior is seated deep inside JS engine and should not be related to broken profile. Well, there likely are some JS flags, which may alter engine behavior - and you may search or ask on chrome/chromium forums, have they changed anything related to spectre or JS timings.

                      I have not heard about (widespread) real-word exploits, based on spectre (or meltdown). I would think such kind of vulnerabilites can be used for targeted attaks, where every bit of information can be valuable; for generic attakcs (to take PC over) this is a bit hard and unpredictable to use - of course I may be wrong here.

                      Reply Quote 0
                        1 Reply Last reply
                      • A Former User
                        A Former User last edited by

                        I found a blog comment from the Opera developers. https://blogs.opera.com/desktop/2018/01/opera-50-0-2762-67-stable-update/

                        Reply Quote 1
                          leocg 1 Reply Last reply
                        • leocg
                          leocg Moderator Volunteer @Guest last edited by

                          @johnd78 You posted the link to the blog post and not to the comment.

                          Reply Quote 0
                            andrew84 A Former User 2 Replies Last reply
                          • andrew84
                            andrew84 @leocg last edited by

                            @leocg so read the blog post, there's an explanation. And there's 0 comments (because all the 'disqus' comments were removed)

                            Reply Quote 0
                              1 Reply Last reply
                            • A Former User
                              A Former User @leocg last edited by

                              @leocg I meant the developers' blog comments on this issue. As far as I remember, when a problem with this vulnerability appeared, the developers forcedly disabled opera://flags/#shared-array-buffer flag. Now this flag is gone.

                              Reply Quote 0
                                leocg 1 Reply Last reply
                              • A Former User
                                A Former User @andrew84 last edited by A Former User

                                @andrew84 Please, try enabling the flag opera://flags/#shared-array-buffer in the 58th Opera. It is interesting to look at the test result on your system.

                                Reply Quote 0
                                  andrew84 1 Reply Last reply
                                • andrew84
                                  andrew84 @Guest last edited by andrew84

                                  @johnd78 with the enabled flag I have the same random result in O58 too, depending oh how many 'caches' were processed.
                                  2020-05-17_194803.png

                                  Reply Quote 0
                                    A Former User 1 Reply Last reply
                                  • A Former User
                                    A Former User @andrew84 last edited by

                                    @andrew84 Ok, got it. Then try to disable the flag opera://flags/#enable-webassembly-threads in the 68th Opera. To pass the test, this should be enough.

                                    Reply Quote 0
                                      andrew84 leocg 2 Replies Last reply
                                    • andrew84
                                      andrew84 @Guest last edited by andrew84

                                      @johnd78 said in Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability:

                                      opera://flags/#enable-webassembly-threads

                                      I disabled it, but in my case the result is still random (Portable 68.0.3618.104)
                                      2020-05-17_201047.png

                                      Reply Quote 0
                                        A Former User 1 Reply Last reply
                                      • A Former User
                                        A Former User @andrew84 last edited by

                                        @andrew84 For me with the opera://flags/#enable-webassembly-threads flag Disabled in the 68th it turns out like with the opera://flags/#shared-array-buffer flag Disabled in the 58th.

                                        Opera Снимок_2020-05-17_222159_xlab.tencent.com.png

                                        Reply Quote 0
                                          andrew84 1 Reply Last reply
                                        • andrew84
                                          andrew84 @Guest last edited by andrew84

                                          @johnd78 I can't comment here, I also tried it in 69 (which is not portable) and all is the same.
                                          2020-05-17_203748.png.

                                          Maybe the test itself is not stable. And my processors can't be called as 'modern' like it is said in the blog post's explanation.

                                          Reply Quote 0
                                            donq A Former User 2 Replies Last reply
                                          • donq
                                            donq @andrew84 last edited by donq

                                            @andrew84 said in Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability:

                                            Maybe the test itself is not stable. And my processors can't be called as 'modern' like it is said in the blog post's explanation.

                                            The vulnerability itself is not 'stable' 🙂
                                            Code in test script is a bit over my understanding, but it could be unstable either.

                                            To read protected memory areas CPU cache is cleared, code is tricked to execute speculative read from protected area (which is discarded and thus not giving error - but data is already loaded into cache) and then some other memory addresses are read - read timing depends on cache containig specific data. Some information can be leaked even using somewhat random timing - I think this is exactly what you experience.

                                            Reply Quote 0
                                              1 Reply Last reply
                                            • First post
                                              Last post

                                            Computer browsers

                                            • Opera for Windows
                                            • Opera for Mac
                                            • Opera for Linux
                                            • Opera beta version
                                            • Opera USB

                                            Mobile browsers

                                            • Opera for Android
                                            • Opera Mini
                                            • Opera Touch
                                            • Opera for basic phones

                                            • Add-ons
                                            • Opera account
                                            • Wallpapers
                                            • Opera Ads

                                            • Help & support
                                            • Opera blogs
                                            • Opera forums
                                            • Dev.Opera

                                            • Security
                                            • Privacy
                                            • Cookies Policy
                                            • EULA
                                            • Terms of Service

                                            • About Opera
                                            • Press info
                                            • Jobs
                                            • Investors
                                            • Become a partner
                                            • Contact us

                                            Follow Opera

                                            • Opera - Facebook
                                            • Opera - Twitter
                                            • Opera - YouTube
                                            • Opera - LinkedIn
                                            • Opera - Instagram

                                            © Opera Software 1995-