SLAP and FLOP mitigation


Elite Member
Oct 25, 2022
Hector is often fairly scathing towards security researchers, but in this case he seems to be saying that the two vulnerabilities discovered by researchers already have the appropriate mitigations in hardware, are part of the spec, and it’s effectively a software bug in the browsers not to use them rather than a hardware fault.

Hector is often fairly scathing towards security researchers, but in this case he seems to be saying that the two vulnerabilities discovered by researchers already have the appropriate mitigations in hardware, are part of the spec, and it’s effectively a software bug in the browsers not to use them rather than a hardware fault.

Yep. Just read the thread and looked at prior discussion of those bits. If you are running untrusted code in your own process, you should set the bits appropriately.