Alibaba[1]-owned UCWeb has pushed a new update to its UC Browser[2] that is claimed to protect the user from Spectre[3] vulnerabilities. The new UC Browser 12.0 update is currently available to download from Google Play[4]. The Spectre vulnerabilities became public earlier this month, and affect both smartphones and computers.
The hardware bug, alongside the Meltdown[5] bug, can be exploited to allow the memory content of a computer to be leaked, which could potentially expose stored passwords and other sensitive data, including personal photos, emails and instant messages.
In a release, UCWeb[6] said, "On vulnerable systems, Meltdown and Spectre increase the risk of side-channel attacks triggered by malicious web content, potentially allowing attackers to access private information outside the scope of a given website. One way that UC Browser is mitigating this risk is by disrupting the comparison of the singularity and making the accessing time trivial. Among them, the high precision run-time interface of JS is the main restoration object. Since attacks on Spectre requires measuring precise time intervals, UC Browser reduces the resolution of performance now. So, it is impossible to read user's Web browsing history or password from malicious Web content after the latest update."
Apple[7], Intel[8], AMD[9], and Microsoft[10] are among the companies that have pushed patches to protect devices they make from Meltdown and Spectre vulnerabilities. Intel said[11] it will launch updated chips with safeguards against both Meltdown and Spectre built-in. The bugs also affect cloud-computing services powering much of the Internet....