The research team says this new CPU vulnerability is due to a design flaw in the microarchitecture of modern processors that can be exploited by attacking the process of "speculative execution," an optimisation technique used to improve CPU performance.
Codenamed SplitSpectre, the variant changes the way the attack is carried out making it easier.
The improved exploitation scenario can be run within the attacker's own malicious code, instead of the target's kernel, simplifying the exploitation procedure.
Researchers say that this attack technically extends the length of the speculative execution window, which "is an instrumental part in extending the capabilities of [an][...] attacker."
The existing Spectre mitigations would thwart the SplitSpectre attacks. This includes CPU microcode updates that CPU vendors have released over the past year, updates to popular code compilers to harden apps against Spectre-like attacks, and the browser-level modifications that browser vendors have shipped with post-January 2018 browser releases to make it infeasible to carry out web-based Spectre attacks.
"All things considered, our analyses lead us to conclude that the attack is viable, and that the ability to trigger it in practice depends on the identified microarchitectural properties of individual CPU families", researchers said.