This site hosts a proof of concept for the Spectre vulnerability written in JavaScript. It was developed and optimized for Chrome 88 running on an Intel® Core™ i7-6500U processor on Linux. While it was confirmed to work on other CPUs (different vendor and/or generation), operating systems and Chromium flavors, you might have to adjust the configuration and it might work less reliably (or not at all). Note that the goal of this proof of concept is to demonstrate the feasibility of a web-based Spectre exploit. It is not a test to see if your device is vulnerable or not. All code is public, you can find it on GitHub.

This demo is split into three parts:

  1. Calibrating the timer to observe side effects of the CPU's speculative execution.
  2. A demonstration that infers the memory layout of a JavaScript array.
  3. The Spectre proof of concept itself, leaking memory of your browser's renderer process.

If you want to learn more about the impact on the web and how to protect your website, please check out our blog post.

When you're ready, click the next button on the bottom right to start.

Spoiler: what a successful demo looks like.