Posted on 01-16-2018 04:42 PM
Firefox (mainline and ESR)
Mozilla Foundation Security Advisory 2018-01 | Speculative execution side-channel attack ("Spectre")
- Fixed in Firefox 57.0.4 (mainline), or Firefox ESR 52.x.
Actions required to mitigate Speculative Side-Channel Attack techniques
- Google Chrome for Enterprise can be handled by Google Admin policy.
- For standard Google Chrome, looks like the fix is GUI, go to [chrome://flags/#enable-site-per-process](chrome://flags/#enable-site-per-process) > Strict site isolation > Enable.
Ether beer to anyone who can come up with a way to programmatically set the non-enterprise version of Google Chrome. :)
Posted on 01-16-2018 04:47 PM
I am using the "Custom settings" option in a config profile with the following set:
Works really well, but only once Chrome gets relaunched.
Posted on 01-16-2018 04:49 PM
@saul.herman Nice, they mention the
SitePerProcess key, wish they'd get their documentation updated.
We'll test this...and yea ether beer...
Posted on 01-16-2018 05:43 PM
Posted on 01-16-2018 06:05 PM
@donmontalvo It might not show up unde the chrome://flags URL but if you go to chrome://policy it will show there as being enabled. Have you tried that?
Posted on 01-18-2018 12:27 AM