> The branch predictor would then be mistrained by iterating over a very large dataset using bitwise operations for setting the index to in-range values, and then using an out-of-bounds address for the final iteration. A high-precision timer would then be required in order to determine if a set of reads led to a cache hit or a cache miss. While browsers like Chrome, Firefox have restrictions on the resolution of timers, the Spectre author was able to create a high-precision timer using the web worker feature of HTML5.
> As of Firefox 57.0.4, Mozilla was reducing the resolution of JavaScript timers to help prevent timing attacks, with additional work on time-fuzzing techniques planned for future releases.
[1]: https://en.wikipedia.org/wiki/Spectre_(security_vulnerabilit...