FS#57039 - [chromium] SharedArrayBuffer is still enabled

Attached to Project: Arch Linux
Opened by Norbert Pfeiler (npfeiler) - Wednesday, 10 January 2018, 18:18 GMT
Last edited by Evangelos Foutras (foutrelis) - Thursday, 11 January 2018, 01:25 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Evangelos Foutras (foutrelis)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
SharedArrayBuffer is supposed to be disabled because of Spectre in chromium since 2018-01-05, but it apparently is not.
https://www.chromium.org/Home/chromium-security/ssca (last paragraph)

Applies to 3 boxes I tried it on.

Additional info:
* package version(s)
chromium 63.0.3239.132-2
* config and/or log files etc.


Steps to reproduce:
ctrl+shift+i → console → »window.SharedArrayBuffer«

returns »ƒ SharedArrayBuffer() { [native code] }« but should return »undefined« (which it does if you disable it manually via chrome://flags/#shared-array-buffer)

Closed by  Evangelos Foutras (foutrelis)
Thursday, 11 January 2018, 01:25 GMT
Reason for closing:  Fixed
Additional comments about closing:  chromium 63.0.3239.132-3
Comment by loqs (loqs) - Wednesday, 10 January 2018, 22:29 GMT
Looks like the commit needed is a354b4ecf2434f2f6460b33031aeaf646edf5e64 "Disable SharedArrayBuffer by default." However, that does not cover the other changes, such as modifying performance.now
Comment by loqs (loqs) - Wednesday, 10 January 2018, 22:52 GMT
2613496a226cffa857b104bb79cf0e8ee834825a "gin: Add jitter to Date timestamp"
a77687fd89adc1bc2ce91921456e0b9b59388120 "Clamp performance.now() to 100us."
Comment by Evangelos Foutras (foutrelis) - Wednesday, 10 January 2018, 23:43 GMT
The resolution reduction will have to wait for Chromium 64; Chrome 63 doesn't implement it either.

The commit that disables SharedArrayBuffer by default will be in chromium 63.0.3239.132-3 shortly.
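
Added example (not part of the original task or its comments, and not Chromium or Arch code): a console check that extends the reproduction step above to both mitigations named in this thread, the SharedArrayBuffer default and the 100us performance.now() clamp. All function names are hypothetical, and the fake clock is constructed so the check can also be exercised offline.

```javascript
// Added example: names below are hypothetical, not Chromium or Arch code.

// True when the constructor is reachable, i.e. the "disable by default"
// change is NOT in effect for this build/profile.
function sabExposed(scope) {
  return typeof scope.SharedArrayBuffer === "function";
}

// Estimate the smallest observable tick of a millisecond clock by reading it
// until `samples` forward steps have been seen (bounded by maxReads).
function timerStepMs(now, samples = 200, maxReads = 5e6) {
  let smallest = Infinity, prev = now(), seen = 0;
  for (let i = 0; i < maxReads && seen < samples; i++) {
    const t = now();
    if (t > prev) { smallest = Math.min(smallest, t - prev); seen++; }
    prev = t;
  }
  return smallest; // Infinity if the clock never advanced
}

function checkMitigations(scope, now) {
  const step = timerStepMs(now);
  return {
    sharedArrayBufferExposed: sabExposed(scope),
    timerStepMs: step,
    // 100us = 0.1 ms; small tolerance for floating-point subtraction
    clampedTo100us: step >= 0.1 - 1e-9,
  };
}

// Constructed clock for offline runs: advances stepMs every readsPerStep reads.
function fakeClock(stepMs, readsPerStep) {
  let reads = 0;
  return () => Math.floor(reads++ / readsPerStep) * stepMs;
}

// In the DevTools console this reports on the running browser.
if (typeof performance !== "undefined") {
  const scope = typeof window !== "undefined" ? window : globalThis;
  console.log(checkMitigations(scope, () => performance.now()));
}
```

The measured step is an estimate from consecutive readings, so treat clampedTo100us as a quick sanity check of a package build rather than proof of the exact clamp value.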
