Eric McCorkle <e...@metricspace.net> writes: > Given enough skill, resources, and motivation, it's likely that an > attacker could craft a javascript-based version of the attack, then > every javascript website (aka all of them) is a potential attack vector.
Uh, this has already been demonstrated. According to Google, Chrome 64 (to be released in a few days) includes countermeasures against it. I don't have any further details. DES -- Dag-Erling Smørgrav - d...@des.no _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
