CyberGlossary

Vulnerabilities

Spectre

Also known as: Speculative execution attack

Definition

A family of microarchitectural attacks that abuse CPU speculative execution to leak data across security boundaries via cache-based side channels.

Disclosed in January 2018, Spectre (CVE-2017-5753, Variant 1; CVE-2017-5715, Variant 2; and several follow-up variants) exploits the fact that modern out-of-order CPUs speculatively execute instructions past mispredicted branches or indirect jumps. These transient instructions touch the caches, leaving observable side effects that an attacker can read with precise timing measurements, even though the speculative result is never committed architecturally. Spectre affects Intel, AMD, ARM and other vendors, breaks process and VM isolation, and is hard to patch fully. Mitigations include compiler-inserted barriers (retpoline, LFENCE, speculative load hardening), microcode updates (IBRS, IBPB, STIBP, eIBRS), process isolation, site isolation in browsers, and architectural redesign in newer CPUs.

Examples

  • Spectre v1 (Bounds Check Bypass) leaking kernel memory from user processes.
  • Spectre v2 (Branch Target Injection) crossing VM boundaries in cloud environments.
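As an added illustration that is not part of this glossary entry, the Spectre v1 bounds-check pattern listed above is shown beside the index-masking form of speculative load hardening, the arithmetic used by the Linux kernel's generic array_index_mask_nospec(). The table contents are constructed sample data, and the function names are chosen for this example; it demonstrates the mitigation, not the cache-timing measurement.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample table; in a real program the bytes beyond its
 * bounds would be data the caller must never be able to observe. */
#define TABLE_SIZE 16
static uint8_t table[TABLE_SIZE] = {10, 20, 30, 40};

/* Spectre v1 shape: architecturally correct, but if the branch
 * predictor guesses "in bounds", table[idx] is read transiently for
 * an out-of-range idx and the loaded value influences cache state. */
uint8_t lookup_unhardened(size_t idx)
{
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* Branchless mask: all ones when idx < size, zero otherwise. Written
 * with unsigned operations only; correct as long as size does not
 * have its top bit set. Because no branch is involved, the mask is
 * the same on the speculative path as on the committed one. */
static size_t index_mask_nospec(size_t idx, size_t size)
{
#if defined(__GNUC__)
    /* Keep the compiler from folding the mask away based on the branch
     * it already saw; CPU speculation does not honour that branch. */
    __asm__("" : "+r"(idx));
#endif
    /* (size - 1 - idx) wraps to a value with the top bit set exactly
     * when idx >= size, so the top bit of the OR is 1 when out of range. */
    size_t out_of_range =
        (idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return out_of_range - 1; /* 0 -> SIZE_MAX (in range), 1 -> 0 */
}

/* Hardened form: even when the branch is mispredicted, the index used
 * for the load is clamped to 0, so no out-of-bounds byte is loaded. */
uint8_t lookup_hardened(size_t idx)
{
    if (idx < TABLE_SIZE) {
        idx &= index_mask_nospec(idx, TABLE_SIZE);
        return table[idx];
    }
    return 0;
}
```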

Related terms