Will there be any changes in Vivaldi due to the Spectre/Meltdown PC issue?





  • What kind of changes would you expect?
    :P



  • @dxace1 I'm also keen to read a response from the team, but until then, fyi, there's already a flag you can set if you wish ... https://forum.vivaldi.net/topic/23531/strict-site-isolation-surprise



  • @luetage said in Will there be any changes in Vivaldi due to the Spectre/Meltdown PC issue?:

    What kind of changes would you expect?
    :P

    Perhaps some Vivaldi official assurance that the Strict Site Isolation function in chromium is properly implemented and functional in Vivaldi, and not just a dead-end chromium flag? And better yet, a switch to implement it in Settings along with ability to set per-site exceptions, since it has been reported to break some sites...



  • Personally i've decided to be mega hyper super proactive here. I've ditched the OS altogether, & am now running Vivaldi on my old slide-rule & log-tables. If in time they also become vulnerable, then i'll install V onto my abacus... but only with it unplugged from the wall of course [i mean, c'mon, i'm not entirely stupid].



  • @steffie said in Will there be any changes in Vivaldi due to the Spectre/Meltdown PC issue?:

    Personally i've decided to be mega hyper super proactive here. I've ditched the OS altogether, & am now running Vivaldi on my old slide-rule & log-tables. If in time they also become vulnerable, then i'll install V onto my abacus... but only with it unplugged from the wall of course [i mean, c'mon, i'm not entirely stupid].

    Unfortunately, those work-arounds are also capable of being compromised. In the old days, we called it "copying over the shoulder", a hacking technique familiar to all clever school kids at the time.



  • @blackbird Ah yes, but i omitted to mention the large aluminium foil blanket covering my SR+LT, under which i slither to operate said devices, so that i can Faraday-away any possible inductive remote detection techniques that might otherwise discover my slide & cursor positions & change-frequencies. With a bit of luck my technological innovation will offer dual protection, ie, also against those pesky schoolkids employed by Them.


  • Moderator

    When there is a security patch for Chromium browsers, Vivaldi devs will backport it as fast as it can for Stable and Snapshot.



  • The Spectre vulnerability can be misused through remote-site calls from within a website's JavaScript to attack a multi-process browser via its process memory. Using Strict Site Isolation causes each separate remote site to be loaded into a separate process so an attacking site can't reach the process memory of another site. This prevents login data for a site from being stolen by another site through the browser.

    There is currently a downside, since some sites are intentionally coded to rely on the remote site having access to the process of the invoking site - hence those sites may break in peculiar ways. That breakage problem will remain until the SSI technique becomes more widespread and the site coding is changed. Vivaldi (containing a lot of native HTML code itself) along with certain extensions may also exhibit some functionality breakage for a time until repairs eventually get made, if SSI is used.

    The following threads give more specifics (and possible problems) about Vivaldi's existing 'experimental flag' SSI functionality:
    https://forum.vivaldi.net/topic/23531/strict-site-isolation-surprise
    https://forum.vivaldi.net/topic/23538/issues-after-strict-site-isolation
    https://forum.vivaldi.net/topic/23580/if-i-close-a-windows-it-closes-all-windows (added by edit)


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.