V8 6.3 exposes its users to the Meltdown and Spectre attacks if used for executing untrusted code

[ignisf]

As far as I understand, the following conditions need to be met:

1. You have to be using V8 to run untrusted code.
2. You have to be running V8 on an unpatched OS.

Mitigations have been merged in 6.4 beta, see:

• v8/v8@a060a4f

• https://chromium-review.googlesource.com/c/v8/v8/+/848921

• https://sites.google.com/a/chromium.org/dev/Home/chromium-security/ssca

• https://googleprojectzero.blogspot.bg/2018/01/reading-privileged-memory-with-side.html

• https://spectreattack.com/

• https://meltdownattack.com/

[ignisf]

@seanmakesgames, @SamSaffron ^

[seanmakesgames]

whoops all I use v8 for is executing untrusted code -- @ignisf is this a 6.3 and below or a 6.3 bug?

[ignisf]

looking at the patches, it relies on wasm... so I suspect it's since wasm was introduced. :/

[seanmakesgames]

Excellent. I don't support wasm, so as long as I keep that layer secure things are harder. I have a group of players trying to break it as well, they have some concerns with getting it to work in js, so we'll see how it goes. :)

[SamSaffron]

Yeah let's keep this open till 6.4 is released, but the vuls have been in place for a very long time.

Keep in mind that OS patches will also "fix" this without a 6.4 upgrade and long term a CPU upgrade will fix this as well.

[YurySolovyov]

V8 6.7 is out by now with Untrusted code mitigations