A team of researchers from the Graz University of Technology in Austria and the University of Rennes in France has demonstrated a new graphics processing unit attack impacting several popular browsers and graphics cards.
The research focused on WebGPU, an API that enables web developers to use the underlying system's GPU to carry out high-performance computations in a web browser.
By leveraging this API, they have demonstrated an attack that works entirely from the web browser using JavaScript.
This makes it easier to carry out remotely, but also limits the potential impact compared to previous attacks that require access to native GPU APIs.
The academic researchers described their work as one of the first GPU cache side-channel attacks from within a browser.
The showed how the method can be leveraged for remote attacks, by getting the targeted user to access a website hosting malicious WebGPU code and stay on the site for several minutes while the exploit is being executed.
The exploit can be executed while the victim is reading an article on the malicious site.
No other type of user interaction is required to conduct an attack.
The new method, the experts demonstrated, can be used for inter-keystroke timing attacks, which can allow inferring sensitive information such as passwords based on keystroke timing data.
The research targeted 11 desktop graphics cards: two RX series products from AMD, and nine GTX, RTX and Quadro series products from NVIDIA. The attack targets browsers with WebGPU support, which includes Chrome, Chromium, Edge, and Firefox Nightly.
Mozilla, AMD, NVIDIA and Chromium developers have been notified.
The researchers said none of the other companies plan on taking any action either.
Giner said they suggested a permission pop-up in the browser, such as the one requesting microphone or camera access.
The Chromium team said it had found that asking users to make security decisions whose implications they don't comprehend adds friction without making them safer.
It shows whether WebGPU is available and conducts a harmless attack in the browser.
Also updated third paragraph to clarify that this is one of the first GPU cache side-channel attacks from within a browser, rather than 'the first' attack of this kind.
This was the first attack when the paper was being written, but others have since conducted similar research with different targets.
This Cyber News was published on www.securityweek.com. Publication date: Mon, 18 Mar 2024 14:28:04 +0000