
It was until they added background workers.

There is a known simple mitigation. Don't JIT random JavaScript; go back to interpretation. Of course that means there is no use for V8, which is why it's not in this paper.



V8 has a JIT-free mode now, and it's still pretty damn fast in real world situations. It looks like in synthetic benchmarks they saw up to an 80% decrease in performance, but in real-world applications they saw as little as a 6% decrease.

https://v8.dev/blog/jitless

But even an interpreted language can still be vulnerable to Spectre attacks.


Interpreters aren't enough either. If the interpreter contains pieces of code that are vulnerable to Spectre then it can still be exploited.



