"ZombieLoad": a new set of speculative-execution attacks

Posted May 15, 2019 10:30 UTC (Wed) by roc (subscriber, #30627)
In reply to: "ZombieLoad": a new set of speculative-execution attacks by LtWorf
Parent article: "ZombieLoad": a new set of speculative-execution attacks

Thanks to JS and the Web platform, we have lots of powerful apps running on a platform whose design is not controlled by any single vendor, that has no gatekeepers, and can be implemented completely in free software.

Curse it if you like, but if it goes away you'd better enjoy whichever vendor-controlled walled garden you end up in.

"ZombieLoad": a new set of speculative-execution attacks

Posted May 15, 2019 13:11 UTC (Wed) by LtWorf (subscriber, #124958) [Link] (2 responses)

We have basically only 2 web rendering engines and js engines, and firefox is probably going away.

"ZombieLoad": a new set of speculative-execution attacks

Posted May 15, 2019 19:21 UTC (Wed) by samth (guest, #1290) [Link]

There are definitely 3 of each: Blink/v8, WebKit/JSC, and Gecko/SpiderMonkey. Even if you think Blink and WebKit are "the same" (which is wrong) JSC and v8 have no common heritage.

"ZombieLoad": a new set of speculative-execution attacks

Posted May 15, 2019 22:39 UTC (Wed) by roc (subscriber, #30627) [Link]

There are 3 of each. Firefox need not go away; it's competitive enough that people are switching to it from Chrome, though the situation is still very challenging. Defeatist attitudes definitely won't help.