From bleepingcomputer.com
Google has published JavaScript proof-of-concept (PoC) code to demonstrate the practicality of using Spectre exploits targeting web browsers to access information from a browser’s memory.
According to the Google Security Team, the PoC shared today works across a wide range of processor architectures, operating systems, and hardware generations.
Security mechanisms vendors have added to web browsers to protect users from Spectre attacks (e.g., Site Isolation, out-of-process iframes, Cross-Origin Read Blocking, and other Cross-Origin policies) don’t actually block exploitation attempts.