
49 points todsacerdoti | 5 comments
1. nolist_policy No.41886831
> The overwhelming majority of software authors are unconcerned about cross-process Spectre attacks, indicated by the fact that none of them enable IBPB. The only exception I've seen is Google Chrome.

As expected, Google goes the extra mile again to keep their users safe.

replies (2): >>41886940, >>41887532
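What the opt-in the quoted article is counting looks like in practice, as an added example that is not code from the thread or from any project named in it: on Linux a process asks for cross-process Spectre v2 protection through prctl(2), and this C program first queries and then sets that state for itself. It assumes a Linux kernel booted with spectre_v2_user=prctl, seccomp or auto (the default); the function names are mine, and the macro fallbacks mirror <linux/prctl.h> for older headers.

```c
/*
 * Added example, not part of the thread: opting a task into the Linux
 * per-task Spectre v2 mitigation.  A task that opts in runs with STIBP and
 * gets an IBPB issued on the context switches involving it, which is the
 * "enable IBPB" the quoted article refers to.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks for toolchains whose headers predate these constants. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif
#ifndef PR_SPEC_NOT_AFFECTED
#define PR_SPEC_NOT_AFFECTED 0
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL (1UL << 0)
#endif
#ifndef PR_SPEC_ENABLE
#define PR_SPEC_ENABLE (1UL << 1)
#endif
#ifndef PR_SPEC_DISABLE
#define PR_SPEC_DISABLE (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif

/* Decode the bitmask PR_GET_SPECULATION_CTRL returns for
 * PR_SPEC_INDIRECT_BRANCH.  Pure function, so it can be checked without a
 * cooperating kernel. */
const char *spec_ctrl_describe(long status)
{
    if (status < 0)
        return "query failed";
    if (status == PR_SPEC_NOT_AFFECTED)
        return "cpu not affected";
    if (!(status & PR_SPEC_PRCTL)) {
        /* Boot policy (spectre_v2_user=on/off) decided for every task;
         * the per-task knob is not available. */
        return (status & PR_SPEC_DISABLE) ? "always mitigated, not per-task"
                                          : "unmitigated, not per-task";
    }
    if (status & PR_SPEC_FORCE_DISABLE)
        return "mitigated (locked, cannot be re-enabled)";
    if (status & PR_SPEC_DISABLE)
        return "mitigated (IBPB/STIBP active for this task)";
    if (status & PR_SPEC_ENABLE)
        return "not mitigated yet (task may opt in)";
    return "unknown state";
}

/* Indirect-branch speculation state of the calling task, or -errno if the
 * kernel does not support the query at all. */
long query_indirect_branch_ctrl(void)
{
    long st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    return st < 0 ? -errno : st;
}

/* Opt this task into the mitigation.  With lock != 0 the choice is sticky
 * (PR_SPEC_FORCE_DISABLE), so a later library call cannot quietly undo it;
 * the setting is inherited on fork and kept across execve.
 * Returns 0 on success, -errno otherwise (ENXIO: not controllable per task). */
int enable_ibpb_for_self(int lock)
{
    unsigned long mode = lock ? PR_SPEC_FORCE_DISABLE : PR_SPEC_DISABLE;
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, mode, 0, 0) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    printf("before: %s\n", spec_ctrl_describe(query_indirect_branch_ctrl()));

    int rc = enable_ibpb_for_self(1);
    if (rc != 0)
        printf("opt-in failed: %s\n", strerror(-rc));

    printf("after:  %s\n", spec_ctrl_describe(query_indirect_branch_ctrl()));
    return 0;
}
```

Build with `cc -o specctl specctl.c` and run it twice, once as-is and once under `spectre_v2_user=on` or `off`: in the first case the state moves from "may opt in" to "mitigated (locked)", in the second the query already reports that the choice is not per-task and the opt-in fails with ENXIO. That distinction is the caveat for anyone auditing whether a program "enables IBPB": the prctl only has an effect when the kernel has left the decision to user space.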
2. akyuu No.41886940
I believe Chrome is also the only software that enables certain mitigations such as ProcessSystemCallDisablePolicy on Windows and NO_SMT and TECS on macOS [1]. I wonder if some of these OS features have been implemented at Google's request.

However, in the case of Spectre, I think the OS should try to prevent exploitation rather than end programs, with a user-facing toggle to disable mitigations per-program for compatibility reasons.

[1] https://www.malwarebytes.com/blog/news/2021/08/macos-11s-hid...

replies (2): >>41892488, >>41902329
3. kelsey98765431 No.41887532
Misleading, as Chrome has recently gone to the trouble of removing adblock from their browser at a plumbing level, opening users up to malicious advertisements and trackers in search of Google ad revenue. Do not use Chrome, for the love of god.
4. vacuity No.41892488
On the note of OS mitigations, I've been thinking that a heavy-handed but possibly necessary (at least for highly untrusted programs) approach is to trample all over a process' cache and other relevant microarchitectural affordances whenever the process is entered. Then it should prevent a wide range of attacks, including those unknown until now. A more targeted method is messing up, say, branch predictor state when a process is being exited (i.e. preempted). I find that less intuitively reassuring, but it would reduce performance impact. In any case, I don't find techniques like retpolines or Intel IBRS plausible in the general case, so I'm inclined to go scorched earth. Not that it would likely be popular with the performance cost.
5. saagarjha No.41902329
WebKit definitely uses those, search the codebase for "TCSM". I would assume that the Chrome people either worked with Apple on it, or they reversed it from what WebKit was doing.