top | item 44301766

(no title)

silotis | 8 months ago

> Because at the time those vulnerabilities could be exploited by executing malicious javascript in a browser to steal passwords

"could be" is doing a lot of work here. AFAIK there has never been a PoC or active exploit which actually exfiltrates sensitive data from a browser using these vulnerabilities. Anyways, browsers have long since implemented software mitigations.

IIRC the real criteria for W11 support has to do with TPMs. Microsoft really wants to have secure boot on all Windows systems.

discuss

nine_k|8 months ago

Spook.js was demonstrated to steal passwords from another tab by running innocent-looking JS via the Spectre vulnerability.

https://www.spookjs.com/

unknown|8 months ago

[deleted]