This is the fourth variant of the Spectre flaw, "that once again uses speculative execution to expose some data through a side".
"The attack is so far known to work in a "language-based runtime environment" like the sort you'd see in a web browser (say, JavaScript), although Intel hadn't seen evidence of successful browser-based exploits."
However, unlike Meltdown (and more similar to Spectre) this new vulnerability will also include firmware updates for CPUs that could affect performance. Intel has already delivered microcode updates for Speculative Store Bypass in beta form to OEMs, and the company expects them to be more broadly available in the coming weeks. The firmware updates will set the Speculative Store Bypass protection to off-by-default, ensuring that most people won’t see negative performance impacts.
“If enabled, we’ve observed a performance impact of approximately 2-8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client 1 and server 2 test systems,” explains Leslie Culbertson, Intel’s security chief.
https://thehackernews.com/2018/05/fourth-critical-spectre-cpu-flaw.html?m=1
https://www.engadget.com/2018/05/21/intel-details-fourth-spectre-style-cpu-exploit/
Video explanation