Security fixes to address the Meltdown and Spectre timing attacks?

[S3ndG]

Hi, I saw that firefox 57.0.4 and Chrome 64 will add security fixes about these CPU vulnerabilities... What about Samsung internet browser? Are you gonna release a patch that could secure the users of your browser? Thank you .

Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web page could read data from other web sites (violating the same-origin policy) or private data from the browser itself.

[poshaughnessy]

Hi @S3ndG yes this is on our radar and mitigations will be coming in upcoming release(s). I'll leave this open to share further details later. Thanks.

[poshaughnessy]

Hi @S3ndG as you might have seen, our v6.4 includes some relevant updates about this (last section here): https://medium.com/samsung-internet-dev/lets-connect-with-samsung-internet-v6-4-stable-1f197d43a812

This is not necessarily "complete" now - as we know they are mitigations, not "fixes" as such - so I will leave this ticket open.

[PicchiKevin]

Hi, Thank you for opening this issue. We are currently migrating our support channel to the Samsung Developer Forum. If you are still experiencing this issue I'd highly recommend re-opening it here please https://forum.developer.samsung.com/c/samsung-internet/

Thanks again, -Kevin