Actions Required to Mitigate Speculative Side-Channel Attack Techniques - The Chromium Projects
Home of the Chromium Open Source Project
Hasnain says:
Should we all just hang up our boots and head home? This is just nuts.
"Don’t serve user-specific or sensitive content from URLs that attackers can predict or easily learn. Attackers can load such URLs in their attack pages (e.g. ) to get the sensitive information into the process rendering their page, and can then use out-of-bounds reads to discover the information. Use anti-CSRF tokens or random URLs to break this kind of attack."