New WebAssembly Standard May Expose Browsers to Meltdown and Spectre Vulnerabilities
According to Forcepoint security researcher John Bergbom, the upcoming WebAssembly standard may make some of the browser-level fixes for Meltdown and Spectre useless. WebAssembly (WA or WASM) is a new technology released last year and is currently supported by all major browsers such as Chrome, Edge, Firefox, and Safari.
WebAssembly is a binary language that the browser converts to machine code and runs directly on the CPU. Browser makers created WebAssembly to increase the speed and performance of JavaScript code delivery, and also to give developers a way to port code from other high-level languages (such as C, C++, and others) to WASM and then run it in the browser.
All in all, the WebAssembly standard is regarded as a success in the web development community and has been widely praised.
But like all technologies, it also brings some unforeseen small troubles and abuse cases. For starters, the rise of in-browser cryptocurrency miners (cryptojacking scripts) can be traced back to the addition of WebAssembly to the major browsers, because all in-browser miners run on WebAssembly instead of pure JavaScript.
Now Bergbom believes that WebAssembly will bring another small trouble for web users:
“Once Wasm gets support for threads with shared memory (which is already on the Wasm roadmap), very accurate [JavaScript] timers can be created, that may render browser mitigations of certain CPU side channel attacks non-working.”
In this statement, Bergbom is referring more precisely to “timing attacks”, which are a type of side-channel attack. A timing attack is a type of cryptographic attack in which a third-party observer can infer the content of encrypted data by recording and analyzing the time it takes to execute the cryptographic algorithm.
The recently disclosed Meltdown and Spectre CPU vulnerabilities and their many variants are, at their core, timing attacks. They rely on an attacker’s ability to measure precise time intervals, which is the parameter needed to perform a side-channel attack and recover enough information from the encrypted data block to determine the rest.
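Browser mitigations of this kind work by limiting how precisely a script can measure time, so a defender can check what a given runtime actually exposes. The following is an added example, not code from the original article or from Forcepoint; `estimateGranularity`, `makeCoarseClock` and `auditTimers` are hypothetical names, and the coarse clock is a constructed stand-in for a browser's reduced-precision timer.

```javascript
// Added example: audit how precise the clocks available to scripts are.
// All function names here are hypothetical helpers, not a browser API.

// Smallest positive step seen between consecutive readings of `clock` (ms).
function estimateGranularity(clock, samples = 20000) {
  let smallest = Infinity;
  let prev = clock();
  for (let i = 0; i < samples; i++) {
    const now = clock();
    const step = now - prev;
    if (step > 0 && step < smallest) smallest = step;
    prev = now;
  }
  return smallest; // Infinity means the clock never advanced while sampling
}

// Constructed test clock: true time advances 1 microsecond per read and each
// reading is rounded down to `resolutionMs`, as a coarsened clock would be.
function makeCoarseClock(resolutionMs) {
  let trueUs = 0;
  const resUs = Math.round(resolutionMs * 1000);
  return () => {
    trueUs += 1;
    return (Math.floor(trueUs / resUs) * resUs) / 1000;
  };
}

// Report what the current runtime exposes to script code.
function auditTimers(clock = () => performance.now()) {
  return {
    granularityMs: estimateGranularity(clock),
    // Threads with shared memory are the feature the quote above refers to.
    sharedMemoryAvailable: typeof SharedArrayBuffer === "function",
    // Browsers expose this flag; it is undefined in other runtimes.
    crossOriginIsolated: globalThis.crossOriginIsolated === true,
  };
}

console.log(auditTimers());
```

Run in a browser console or in Node.js, this reports the smallest clock step the runtime lets a script observe and whether shared memory is exposed to it.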
Source: bleepingcomputer