Three academics from Northeastern University and three researchers from IBM Research have discovered a new variation of the Spectre CPU vulnerability that can be exploited via browser-based code.

The research team says this new CPU vulnerability is, too, a design flaw in the microarchitecture of modern processors that can be exploited by attacking the process of “speculative execution,” an optimization technique used to improve CPU performance.

The vulnerability, which researchers codenamed SplitSpectre, is a variation of the original Spectre v1 vulnerability discovered last year and which became public in January 2018.

The difference in SplitSpectre is not in what parts of a CPU’s microarchitecture the flaw targets, but how the attack is carried out.

According to the research team, a SplitSpectre attack is far easier to execute than an original Spectre attack

[…]

For their academic paper, the research team says it successfully carried out a SplitSpectre attack against Intel Haswell and Skylake CPUs, and AMD Ryzen processors, via SpiderMonkey 52.7.4, Firefox’s JavaScript engine.

Source: Researchers discover SplitSpectre, a new Spectre-like CPU attack | ZDNet