> Or are these other VMs not susceptible to this form of attack? I think the mai... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

UncleEntity on Jan 9, 2018 | parent | context | favorite | on: What Spectre and Meltdown Mean for WebKit

> Or are these other VMs not susceptible to this form of attack?

I think the main difference is all the other dynamic languages don't let someone do a driveby attack, you have to download the code and run it as opposed to clicking a link and having who knows what appear.

swinglock on Jan 9, 2018 [–]

Actually it's not entirely exotic for games to use Lua in a manner that's comparable to JavaScript in browsers.

Connecting to a server could instruct the client to download a custom map that embeds code or download and execute sandboxed code alone by design.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact