There are ways to mitigate the issue in Chrome and other Chromium-based browsers such as Opera or Vivaldi. To mitigate known attack forms, users or admins have to enable strict site isolation in the web browser to do so.
While you can check whether your Windows operating system is vulnerable, you could not check whether your web browser is patched or vulnerable up until now.
This uncertainty is a thing of the past however as Tencent's XUANWU Lab released an online tester that checks whether web browsers are vulnerable to Spectre.
Visit the Lab's website to get started. You find a "click to check" button at the top that you need to activate to run the test.
It does not take long to test browsers. Some checks complete almost right away while others take longer to complete and involve cache processing.
Here is a quick list of tested browsers and their vulnerability status (always assume the latest version):
*not vulnerable if you enable strict site isolation in the web browser.
Tencent's security team notes that a result of vulnerable means that Spectre-based attacks will work in the browser. A status of not vulnerable, however, does not necessarily mean that the browser is adequately protected. It is protected against a known attack, but it is possible that unknown attack methods may exist that can exploit the issue still. The team promises to improve the tool in the future.
Update: Opera contacted me with the following corrections. Strict Site Isolation mitigates Meltdown but not Spectre. The company disabled Shared Array Buffer in Opera to mitigate Spectre. It did so while users were testing Opera and that explains why some users found that Opera was not vulnerable while others found that it was vulnerable. A restart of the browser was required after the change before it would take affect.
Now You: Is your browser vulnerable? (via Born)Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.