Help

Spectra and Firefox/Chrome

donmontalvo
Esteemed Contributor III

Posted on ‎01-16-2018 04:42 PM

Firefox (mainline and ESR)
Mozilla Foundation Security Advisory 2018-01 | Speculative execution side-channel attack ("Spectre")
- Fixed in Firefox 57.0.4 (mainline), or Firefox ESR 52.x.

Google Chrome
Actions required to mitigate Speculative Side-Channel Attack techniques
- Google Chrome for Enterprise can be handled by Google Admin policy.
- For standard Google Chrome, looks like the fix is GUI, go to [chrome://flags/#enable-site-per-process](chrome://flags/#enable-site-per-process) > Strict site isolation > Enable.

Ether beer to anyone who can come up with a way to programmatically set the non-enterprise version of Google Chrome. :)

--
https://donmontalvo.com
Reply
5 REPLIES 5

saul_herman
New Contributor II

Posted on ‎01-16-2018 04:47 PM

I am using the "Custom settings" option in a config profile with the following set:

65c303624dac46a5a0188363222ab16c

Works really well, but only once Chrome gets relaunched.

Reply

donmontalvo
Esteemed Contributor III

Posted on ‎01-16-2018 04:49 PM

@saul.herman Nice, they mention the SitePerProcess key, wish they'd get their documentation updated.

We'll test this...and yea ether beer...

--
https://donmontalvo.com
Reply

donmontalvo
Esteemed Contributor III

Posted on ‎01-16-2018 05:43 PM

¯_(ツ)_/¯

https://www.jamf.com/jamf-nation/discussions/26700/google-chrome-manifest-force-flag-to-enabled#resp...

--
https://donmontalvo.com
0 Kudos
Reply

saul_herman
New Contributor II

Posted on ‎01-16-2018 06:05 PM

@donmontalvo It might not show up unde the chrome://flags URL but if you go to chrome://policy it will show there as being enabled. Have you tried that?

0 Kudos
Reply

donmontalvo
Esteemed Contributor III

Posted on ‎01-18-2018 12:27 AM

@saul.herman yep, confirming you are right. Thanks for the heads up!

--
https://donmontalvo.com
0 Kudos
Reply