Open Bug 1756207 Opened 3 years ago Updated 3 years ago

Enable more robust CSM protections where available

Tracking

()

Status:

NEW

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: parity-chrome, sec-want)

Tom Ritter [:tjr]

Reporter

Description

•

3 years ago

A bit ago chrome landed a patch that will use a new OSX 11.0+ feature to enable process-wide hyperthreading disabling vs the current per-thread disabling they and we use.

They enabled it on their renderer and ppapi plugin processes. I believe enabling it on a process-wide basis would protect us against a compromised renderer using a hyper-threading-based attack cross-process.

Tom Ritter [:tjr]

Reporter

Updated

•

3 years ago

Blocks: 1359559

Tom Ritter [:tjr]

Reporter

Updated

•

3 years ago

Component: DOM: Workers → Security: Process Sandboxing

Haik Aftandilian [:haik]

Updated

•

3 years ago

Severity: -- → S3

Priority: -- → P2

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Enable more robust CSM protections where available

Categories

(Core :: Security: Process Sandboxing, enhancement, P2)

Tracking

()

People

(Reporter: tjr, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: parity-chrome, sec-want)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated