On 2021-03-16 09:20, Sven Vuln Bot wrote:
2021/03/16 14:01:06
Description: Google has released the side-channel exploit in hopes of motivating
web-application developers to protect their sites.
https://threatpost.com/google-spectre-poc-exploit-chrome/164787/
Source: Threat Post RSS Feed
good post
It's a fair bet that disabling JavaScript will mitigate this...
(Also "safe surfing")
When I must enable script, like for certain online store pages, this is
what I do:
a) do NOT use windows [in my case, FreeBSD, or Linux if you prefer that]
b) use a login context that is as non-priv'd as possible
c) enable the X11 server to listen for TCP connections locally - this is
useful for working with embedded systems also, when they have no screen
or a tiny one. Typically you start X with '-listen_tcp' or similar. YMMV
d) use 'su - nonpriv' (where 'nonpriv' is "that user") in an xterm (or equivalent) shell, and enter "export DISPLAY=localhost:0.0"
e) at some point, from the desktop's logged in user, enter the command
"xhost +localhost" to enable connections to localhostl
f) Now with DISPLAY set in the environment, run firefox or chrome as
needed. You may want to config them to delete ALL cache and history on
exit [firefox can do this, chrome not so much without manual
intervention but I have a shell script for that...]
I normally ONLY go to the sites I want to visit with script enabled when
i do this. Then I exit the browser and purge all history and cache.
Otherwise, it's firefox with the 'NoScript' plugin, aggressively
stopping as much as possible, ESPECIALLY google and cloud stuff
--
(aka 'Bombastic Bob' in case you wondered)
'Feeling with my fingers, and thinking with my brain' - me
'your story is so touching, but it sounds just like a lie'
"Straighten up and fly right"
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)