Known as Speculative Store Bypass or “Variant 4”, these new vulnerabilities have a low risk profile assigned to them partly due to the patches that were released earlier this month for the Spectre and Meltdown vulnerabilities.
Security researchers from Alphabet’s Google and from Microsoft Corp have unearthed new security vulnerabilities that impact a broad range of modern computing chips that are related to the family of the Spectre and Meltdown chip flaws that emerged in January 2018.
These new vulnerabilities, known as Speculative Store Bypass or “Variant 4” are named thus since they fall in the same family as the original group of vulnerabilities.
The vulnerabilities impact many chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings’ stable.
Researchers have assigned a low risk profile to the latest vulnerabilities, partly due to the release of web browser patches that were issued in the wake of the Spectre vulnerability.
The Spectre and the Meltdown vulnerabilities can potentially allow hackers to read sensitive data on chips, including passwords. These vulnerabilities result from the way modern computers try to guess what users are likely to do next, in a process called speculative execution.
In its findings, researchers from Microsoft stated, existing patches that were issued earlier for common web browsers, earlier this year, significantly increases the difficulty for hackers trying to carrying out an attack based on these latest exploits.
Following the release of updates for these vulnerabilities, Intel stated it expects a performance slowdown in the range of 2% to 8% while ARM stated it expects a slowdown between 1% to 2%.
Intel said, due to the low risk profile of these newly discovered vulnerabilities, it would ship its chips with the patches turned off and give its users a choice whether to turn them on. AMD also advised leaving the patches turned off due to the difficulty of carrying out an attack.
The new discoveries appear not to have impacted the chipmaker’s stock prices.