SharedArrayBuffer enabled, so cef 3112 - 3282 appear vulnerable to spectre

Issue #2360 resolved
Dan Kegel created an issue

I hear the early mitigation for Spectre is to disable SharedArrayBuffer.

To test whether this has been done, load the one-line file


into cefclient (a file: url works). If the alert says "unknown", it's disabled.

I just tested my builds of cef. 2526 and 2704 appear to not support SharedArrayBuffer, but 3112, 3202, 3239, and 3282 do.

On January 5th, cef 3282 updated to Chromium version 64.0.3282.71. However, this does not seem to be new enough, as shows a commit on Jan 6th that disabled SharedArrayBuffers:

Time to pull from upstream on the supported branches, if you're not already in the middle of it?

Comments (2)

  1. Marshall Greenblatt

    An update to 64.0.3282.119 is currently in progress. Builds should be available from Spotify in a few days.

  2. Log in to comment