A year with Spectre: a V8 perspective

Here's an article on the V8 blogdescribing the work that was done to mitigate Spectre vulnerabilities inthe V8 JavaScript engine. "Our research reached the conclusion that,in principle, untrusted code can read a process's entire address spaceusing Spectre and side channels. Software mitigations reduce theeffectiveness of many potential gadgets, but are not efficient orcomprehensive. The only effective mitigation is to move sensitive data outof the process's address space."