Item logo image for Spectroscope

Spectroscope

5.0(

2 ratings

)
ExtensionDeveloper Tools177 users
Item media 4 screenshot
Item media 5 screenshot
Item media 1 screenshot
Item media 2 screenshot
Item media 3 screenshot
Item media 4 screenshot
Item media 5 screenshot
Item media 1 screenshot
Item media 2 screenshot
Item media 1 screenshot
Item media 2 screenshot
Item media 3 screenshot
Item media 4 screenshot
Item media 5 screenshot

Overview

Search for endpoints potentially vulnerable to Spectre.

Spectroscope is a prototype extension for security engineers and web developers to help track down application resources which aren't protected from being embedded by other websites. Such resources can, in some cases, be exfiltrated by malicious sites making use of CPU-level information leaks on users' devices, such as the Spectre vulnerability. The tool identifies resources which are exempt from default protections enabled in Google Chrome (Cross-Origin Read Blocking, SameSite cookies) and which can be embedded cross-site. The results are added to Chrome's DevTools "Spectroscope" panel and include security recommendations to help protect your resources from Spectre and other cross-site attacks. Note: This is a prototype extension which is meant to be used only as a convenience tool to help you protect your site; it is not an official Google product. Testing your site with Spectroscope is not a substitute for careful deployment of recommended web security features. See https://w3c.github.io/webappsec-post-spectre-webdev/ for a complete list of best practices. Authors (alphabetically): Roberto Clapis, Santiago Diaz, Aleksandr Dobkin, David Dworken, Artur Janc, Aaron Shim, Lukas Weichselbaum

5 out of 52 ratings

Google doesn't verify reviews. Learn more about results and reviews.

Details

  • Version
    0.1.0
  • Updated
    August 18, 2021
  • Offered by
    Lukas Weichselbaum
  • Size
    5.5MiB
  • Languages
    English
  • Developer
    Email
    lweichselbaum@google.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes
Google apps