Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Thu, 21 May 2020 06:27:14 GMT

[[global:former_user]] — Thu, 21 May 2020 06:27:14 GMT

@donq I think this Chinese test is old and may not take into account the current changes in the Chromium engine. Now it makes no sense to turn off flags and use keys only to pass this test. I also have not heard about the real use of this vulnerability in browsers, only in special tests.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Tue, 19 May 2020 19:45:38 GMT

donq — Tue, 19 May 2020 19:45:38 GMT

@anastasia-mx said in Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability:

can you explain what these parameters are

Read here: https://developers.google.com/web/updates/2018/10/wasm-threads

and why they were enabled if this leads to a vulnerability?

Most likely unintended coincidence - performance versus security, as it often is.
If Chrome is not affected, then you should report a bug to Opera. If Chrome (Chromium) is affected too, then better report to Chrome (Chromium).

Well, before reporting check latest developer build - it is possible that this problem is already fixed. In my just updated dev version (70.0.3693.0) two checks (2 of 2) did report "not vulnerable"

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Tue, 19 May 2020 14:52:26 GMT

anastasia-mx — Tue, 19 May 2020 14:52:26 GMT

@johnd78 I used the "WebAssembly threads support" = "disabled" flag and started the program opera with the key --disable-features=SharedArrayBuffer as a result, the problem is resolved and the browser is no longer vulnerable.
can you explain what these parameters are and why they were enabled if this leads to a vulnerability?

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Mon, 18 May 2020 01:56:50 GMT

[[global:former_user]] — Mon, 18 May 2020 01:56:50 GMT

@andrew84 Sorry, my mistake, I forgot something. Try to disable the flag opera://flags/#enable-webassembly-threads and start the browser with the key --disable-features=SharedArrayBuffer. Then it should work. Checked in the 68th and 69th Opera.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 19:26:20 GMT

leocg — Sun, 17 May 2020 19:26:20 GMT

@johnd78 I have that flag enabled (by default) here and the test says that Opera i snot vulnerable.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 19:23:01 GMT

leocg — Sun, 17 May 2020 19:23:01 GMT

@johnd78 That flag used to make sense three years ago, when the post was published.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 19:22:39 GMT

donq — Sun, 17 May 2020 19:22:39 GMT

@andrew84 said in Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability:

Maybe the test itself is not stable. And my processors can't be called as 'modern' like it is said in the blog post's explanation.

The vulnerability itself is not 'stable'
Code in test script is a bit over my understanding, but it could be unstable either.

To read protected memory areas CPU cache is cleared, code is tricked to execute speculative read from protected area (which is discarded and thus not giving error - but data is already loaded into cache) and then some other memory addresses are read - read timing depends on cache containig specific data. Some information can be leaked even using somewhat random timing - I think this is exactly what you experience.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 17:53:28 GMT

andrew84 — Sun, 17 May 2020 17:53:28 GMT

@johnd78 I can't comment here, I also tried it in 69 (which is not portable) and all is the same.
.

Maybe the test itself is not stable. And my processors can't be called as 'modern' like it is said in the blog post's explanation.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 17:23:53 GMT

[[global:former_user]] — Sun, 17 May 2020 17:23:53 GMT

@andrew84 For me with the opera://flags/#enable-webassembly-threads flag Disabled in the 68th it turns out like with the opera://flags/#shared-array-buffer flag Disabled in the 58th.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 17:15:36 GMT

andrew84 — Sun, 17 May 2020 17:15:36 GMT

@johnd78 said in Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability:

opera://flags/#enable-webassembly-threads

I disabled it, but in my case the result is still random (Portable 68.0.3618.104)

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 17:04:23 GMT

[[global:former_user]] — Sun, 17 May 2020 17:04:23 GMT

@andrew84 Ok, got it. Then try to disable the flag opera://flags/#enable-webassembly-threads in the 68th Opera. To pass the test, this should be enough.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 16:53:08 GMT

andrew84 — Sun, 17 May 2020 16:53:08 GMT

@johnd78 with the enabled flag I have the same random result in O58 too, depending oh how many 'caches' were processed.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 16:49:41 GMT

[[global:former_user]] — Sun, 17 May 2020 16:49:41 GMT

@andrew84 Please, try enabling the flag opera://flags/#shared-array-buffer in the 58th Opera. It is interesting to look at the test result on your system.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 16:01:02 GMT

[[global:former_user]] — Sun, 17 May 2020 16:01:02 GMT

@leocg I meant the developers' blog comments on this issue. As far as I remember, when a problem with this vulnerability appeared, the developers forcedly disabled opera://flags/#shared-array-buffer flag. Now this flag is gone.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 15:35:52 GMT

andrew84 — Sun, 17 May 2020 15:35:52 GMT

@leocg so read the blog post, there's an explanation. And there's 0 comments (because all the 'disqus' comments were removed)

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 15:21:02 GMT

leocg — Sun, 17 May 2020 15:21:02 GMT

@johnd78 You posted the link to the blog post and not to the comment.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sun, 17 May 2020 11:32:56 GMT

[[global:former_user]] — Sun, 17 May 2020 11:32:56 GMT

I found a blog comment from the Opera developers. https://blogs.opera.com/desktop/2018/01/opera-50-0-2762-67-stable-update/

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Sat, 16 May 2020 13:28:23 GMT

donq — Sat, 16 May 2020 13:28:23 GMT

IIRC at least some (theoretical) browser attacks were based on precision timing in javascript and mitigation was done by randomizing JS timing errors - all such behavior is seated deep inside JS engine and should not be related to broken profile. Well, there likely are some JS flags, which may alter engine behavior - and you may search or ask on chrome/chromium forums, have they changed anything related to spectre or JS timings.

I have not heard about (widespread) real-word exploits, based on spectre (or meltdown). I would think such kind of vulnerabilites can be used for targeted attaks, where every bit of information can be valuable; for generic attakcs (to take PC over) this is a bit hard and unpredictable to use - of course I may be wrong here.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Fri, 15 May 2020 18:48:29 GMT

leocg — Fri, 15 May 2020 18:48:29 GMT

@anastasia-mx A clean profile would help checking if the problem is not being caused by a broken profile.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Fri, 15 May 2020 18:44:28 GMT

leocg — Fri, 15 May 2020 18:44:28 GMT

@anastasia-mx Since Opera is a Chromium based browser, you need to also check with other Chromium based browsers to have a valid comparasion.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Fri, 15 May 2020 18:13:14 GMT

anastasia-mx — Fri, 15 May 2020 18:13:14 GMT

@leocg said in & Spectre the last Opera 68.0.3618.104 vulnerability:

Did you check with a clean profile?

if you delete all the settings, it will be very bad and I will need to configure a lot from the beginning

@donq said in & Spectre the last Opera 68.0.3618.104 vulnerability:

What offline scanner says? https://www.grc.com/inspectre.htm

Meltdown & Spectre - NO!, NO! updates strongly slow down the system, I do not want to put them, I have hope for the browser itself.

@leocg said in & Spectre the last Opera 68.0.3618.104 vulnerability:

What about other Chromium based browsers?

not used by others Chromium based browsers. I only use Mozilla - everything is fine in it, there is no vulnerability.

any other sites to check for vulnerabilities?

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Fri, 15 May 2020 17:51:41 GMT

andrew84 — Fri, 15 May 2020 17:51:41 GMT

I have the same in latest MS Edge build (Canary), if 128 cache was scanned, then all is fine.

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Fri, 15 May 2020 17:43:29 GMT

leocg — Fri, 15 May 2020 17:43:29 GMT

@anastasia-mx What about other Chromium based browsers?

Reply to Meltdown & Spectre the last Opera 68.0.3618.104 vulnerability on Fri, 15 May 2020 17:29:24 GMT

andrew84 — Fri, 15 May 2020 17:29:24 GMT

O58 - 58.0.3135.132 (I don't see 'processing cache' for some reason)

68.0.3618.104
random result (when I click 'recheck'), sometimes it checks only few caches (8, 16, 32), sometimes checks all caches until 128. When it includes all caches including 128 it shows NOT vulnerable. if less caches were checked, then it shows vulnerable. Win 8.1 3rd gen core i3.