A new technique for exploiting Spectre vulnerabilities in Chrome

A group of researchers from universities in the United States, Australia and Israel has proposed a new side-channel attack technique for exploiting Spectre-class vulnerabilities in browsers based on the Chromium engine. The attack, codenamed Spook.js, makes it possible to bypass the site isolation mechanism using JavaScript code and to read the contents of the entire address space of the current process, i.e. to access data from pages running in other tabs but handled by the same process.

Since Chrome runs different sites in different processes, the ability to carry out a practical attack is limited to services that allow different users to host their own pages. The method makes it possible, from a page on which the attacker is able to embed their own JavaScript code, to determine whether the user has other pages from the same site open and to extract confidential information from them, for example credentials or bank details substituted by the browser's mechanism for automatically filling in fields in web forms. As a demonstration, the researchers show how one can attack someone else's blog on the Tumblr service if its owner opens the attacker's blog, hosted on the same service, in another tab.

Another option for applying the method is an attack on browser extensions, which, once an add-on controlled by the attacker is installed, allows data to be extracted from other extensions. As an example, the researchers show that by installing a malicious add-on one can extract confidential information from the LastPass password manager.

The researchers have published a prototype exploit that works in Chrome 89 on systems with Intel i7-6700K and i7-7600U CPUs. When creating the exploit, the JavaScript code prototypes previously published by Google for carrying out Spectre-class attacks were used. It is noted that the researchers were able to prepare working exploits for systems based on Intel and Apple M1 processors, which make it possible to read memory at a speed of 500 bytes per second with 96% accuracy. The method is assumed to be applicable to AMD processors as well, but it was not possible to prepare a fully working exploit for them.

The attack works in any browser based on the Chromium engine, including Google Chrome, Microsoft Edge and Brave. The researchers believe the method can also be adapted to work with Firefox, but since the Firefox engine differs significantly from Chrome's, the work of creating such an exploit has been left for the future.

To protect against browser-based attacks related to speculative execution of instructions, Chrome uses address space segmentation, which allows JavaScript to work only with 32-bit pointers and separates handler memory into isolated 4 GB heaps. To gain access to the entire process address space and bypass the 32-bit limit, the researchers used a technique called Type Confusion, which forces the JavaScript engine to process an object with the wrong type, making it possible to form a 64-bit pointer from a combination of two 32-bit values.

The essence of the attack is that when a specially crafted malicious object is processed in the JavaScript engine, conditions are created that lead to speculative execution of instructions accessing an array. The object is chosen so that attacker-controlled fields are placed where the 64-bit pointer is used. Since the type of the malicious object does not match the type of the array being processed, under normal conditions such operations are blocked in Chrome by a mechanism that deoptimises the code used to access arrays. To get around this problem, the Type Confusion attack code is placed in a conditional "if" block that is not executed under normal conditions but is executed in speculative mode if the processor mispredicts the additional branch.

As a result, the processor speculatively accesses the constructed 64-bit pointer and rolls back the state once it determines that the prediction failed, but a trace of the execution remains in the shared cache and can be recovered using side-channel cache detection methods that analyse the change in access time for cached and non-cached data. To analyse the cache contents given the insufficient precision of the timer available in JavaScript, the method proposed by Google is used, which deceives the Tree-PLRU cache eviction strategy used in processors and allows, by increasing the number of cycles, a significant increase in the timing difference between a value being present in and absent from the cache.

Source: opennet.ru