Spectroscope

Search for endpoints potentially vulnerable to Spectre.

Spectroscope - Identify vulnerable endpoints

Spectroscope is a prototype Chrome extension designed for security engineers and web developers to identify application resources that are not protected from being embedded by other websites. It helps track down endpoints vulnerable to Spectre and other cross-site attacks, providing security recommendations to protect your resources.
Install from Chrome Web Store

Extension stats

Users: 177
-9
Rating: 5.00
(2)
Version: 0.1.0 (Last updated: 2021-08-19)
Creation date: 2021-03-07
Risk impact: Moderate risk impact
Risk likelihood:
Manifest version: 2
Permissions:
  • cookies
  • http://*/*
  • https://*/*
  • storage
Size: 5.77M

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge
Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Spectroscope is a prototype extension for security engineers and web developers to help track down application resources which aren't protected from being embedded by other websites. Such resources can, in some cases, be exfiltrated by malicious sites making use of CPU-level information leaks on users' devices, such as the Spectre vulnerability.

The tool identifies resources which are exempt from default protections enabled in Google Chrome (Cross-Origin Read Blocking, SameSite cookies) and which can be embedded cross-site. The results are added to Chrome's DevTools "Spectroscope" panel and include security recommendations to help protect your resources from Spectre and other cross-site attacks.

Note: This is a prototype extension which is meant to be used only as a convenience tool to help you protect your site; it is not an official Google product. Testing your site with Spectroscope is not a substitute for careful deployment of recommended web security features. See https://w3c.github.io/webappsec-post-spectre-webdev/ for a complete list of best practices.

Authors (alphabetically): Roberto Clapis, Santiago Diaz, Aleksandr Dobkin, David Dworken, Artur Janc, Aaron Shim, Lukas Weichselbaum

User reviews

I was finally able to find the ghost in the machine using this extension.
by Jerry Zhang, 2021-03-16

I used to not believe in ghosts. But after using this extension, I feel like I see dead people!
by Eduardo' Vela" Nava, 2021-03-12
View all user reviews

Extension safety

Risk impact

Spectroscope requires a few sensitive permissions. Exercise caution before installing.

Risk likelihood

Spectroscope has earned a good reputation and can be trusted.

Upgrade to see risk analysis details

Similar extensions

Here are some Chrome extensions that are similar to Spectroscope: