>Why would use of a credential manager change this?
Change what?
>If its leaking something out of memory it should effect all memory within the Safari process space?
AFAIU, Safari generally puts different origins and extensions in different address spaces, so it's not vulnerable to speculative execution attacks. This attack found a way to make 2 different origins share the same address space. I'm assuming the attack doesn't apply to extensions. From the paper:
>We begin by abusing Safari’s site isolation policy, demonstrating a new technique that allows the attacker page to share the address space with arbitrary victim pages, simply by opening them using the JavaScript window.open API.
Change what?
>If its leaking something out of memory it should effect all memory within the Safari process space?
AFAIU, Safari generally puts different origins and extensions in different address spaces, so it's not vulnerable to speculative execution attacks. This attack found a way to make 2 different origins share the same address space. I'm assuming the attack doesn't apply to extensions. From the paper:
>We begin by abusing Safari’s site isolation policy, demonstrating a new technique that allows the attacker page to share the address space with arbitrary victim pages, simply by opening them using the JavaScript window.open API.