> The overwhelming majority of software authors are unconcerned about cross-process Spectre attacks, indicated by the fact that none of them enable IBPB. The only exception I've seen is Google Chrome.
As expected, Google goes the extra mile again to keep their users safe.
I believe Chrome is also the only software that enables certain mitigations such as ProcessSystemCallDisablePolicy on Windows and NO_SMT and TECS on macOS [1]. I wonder if some of these OS features have been implemented at Google's request.
However, in the case of Spectre, I think the OS should try to prevent exploitation rather than end programs, with a user-facing toggle to disable mitigations per-program for compatibility reasons.
As expected, Google goes the extra mile again to keep their users safe.
reply