Let's turn back the clock. Spectre was disclosed with another vulnerability, Meltdown, that vendors were quick to address despite their fixes causing slight performance drops. Responding to Spectre has proven more difficult because it requires Intel, AMD, Arm, and Nvidia to change their processor architectures.
In the meantime, it's up to other companies to limit their customers' exposure to the vulnerability, which is where this proof-of-concept comes in. Google said in a blog post that it wanted to "give web application owners a better understanding of the impact Spectre vulnerabilities can have on the security of their users' data."
Leaky.Page was originally configured for Chrome 88 running on an unidentified version of Linux and an Intel Core i7-6500U. Google said that its proof-of-concept could "function across a variety of operating systems, processor architectures, and hardware generations," however, "without any major changes" to the code.
The company only named one additional processor susceptible to this exploit: the M1 chip Apple introduced in November 2020. That doesn't come as a surprise—we already knew that Arm's designs were affected by Spectre—but it's a worthwhile reminder that Apple silicon can be affected by three-year-old vulnerabilities.
Google said its tests on Chrome 88, Linux, and an Intel Skylake processor leaked data at speeds up to 1kB/s. Results will vary based on the system tested, however, which is why Leaky.Page could prove useful. A list of recommendations to web developers looking to protect their users can be found in Google's blog post.
Even they aren't enough. Google noted that "while all of the mechanisms described in this article are important and powerful security primitives, they don't guarantee complete protection against Spectre; they require a considered deployment approach which takes behaviors specific to the given application into account."