Originally posted by hotaru
View Post
-
those information are small but I believe to identify the exact alignment of your interest you need much more. It's binary data after all. -
Originally posted by carewolf View PostLeave a comment:
-
Emmm, it's a bad idea to do this without user consent, because this would basically reset any state of the page rendered.Originally posted by lilunxm12 View Post
Or browser vendors could develop a deep refresh feature, restart the page in a new process and close the old one. Then we could use those existing tab refresher extensions.
If you are doing banking or performing some critical operations that uses Javascript, then refreshing would cause all these pages to be invalidated and potentially requires you to start from scratch to refill information.
Providing an API so that some plugins to do it might be OK, but still the performance of this is going to be terrible.Leave a comment:
-
Doesn't speculative attack require very longtime to acctually extract enformation? Like a few bytes per second and needs quite a lot to decrypt anything meaningful?
If that's the case maybe periodically restart browser is all we need as desktop users running random js?Leave a comment:
-
browsers had to impair js timers on purpose as a temporary measure to avoid js exploitation of spectre when it first came up... back then they intended to give js back the ability to use more precise timers, but since the vulnerabilities didn't stop popping up those degraded timers might still be in place...
...and then there is dev ingenuity, crafting ways to increase timer precision by joining several methods creatively, etc... so that was explicitly only a stopgap measure to buy OSs time to devise more proper mitigationsLeave a comment:
Leave a comment: