[Public WebGL] EXT_disjoint_timer_query disabled

Florian Bösch [email protected]
Sat May 19 00:29:16 PDT 2018


On Sat, May 19, 2018 at 3:08 AM, Ken Russell <[email protected]> wrote:

> EXT_disjoint_timer_query could not only be used to launch the GLitch
> attack, but act as a high-precision timer to carry out Spectre-like attacks
>

This isn't only true of a browser. How is this not a problem for all
applications?


> Reducing the timers' precision was sufficient to mitigate the GLitch
> attack, and as it turns out, Chrome's implementation of
> EXT_disjoint_timer_query already returned sufficiently lower-precision
> results.
>

How much precision was reduced?

However, Site Isolation is the long-term defense against Spectre, and it's
> close to being turned on in Chrome by default. At that point, the
> EXT_disjoint_timer_query WebGL extension will be turned back on in Chrome.
>

This is gonna happen when?


> Other browsers have mitigations in progress for Spectre, and once those
> land, useful features like EXT_disjoint_timer_query and SharedArrayBuffer
> will be re-enabled in those browsers, too.
>

And this is gonna happen when?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://khronos.org/pipermail/public_webgl_khronos.org/attachments/20180519/c6cdc585/attachment.html>


More information about the public_webgl mailing list