SharedArrayBuffer had been disabled for exactly that reason but has been enabled again for cross-origin isolated pages (https://developer.chrome.com/blog/enabling-shared-array-buff...) - which in turn allows to have 'proper' pthreads in Emscripten: https://emscripten.org/docs/porting/pthreads.html

Can what now? I was under the impression spectre gave you access to data, not arbitrary code execution.

Also, I imagine that web assembly is a bytecode format and that should be _less_ susceptible to spectre.

Can you expand? This seems wrong to me.

Edit: read some papers, I'll be damned, it can. I don't understand how tho'. Would love to try playing with a POC that does that.

See https://blog.mozilla.org/security/2018/01/03/mitigations-lan...