Posted 9/26/2023, 5:40:53 PM

GPU Side Channel Attack Bypasses Browser Security to Steal Sensitive Visual Data

SAME ORIGIN POLICY SHATTERED - A newly discovered GPU compression side channel allows malicious websites to read sensitive visual data from other websites.
The attack works by abusing GPU compression schemes that optimize bandwidth, creating a side channel to bypass the same origin policy.
Proof-of-concept attack succeeds in stealing pixels to reveal usernames on sites like Wikipedia in browsers like Chrome and Edge.
Attack works on Apple, Intel, AMD, Qualcomm, Arm, and Nvidia GPUs by reverse-engineering their proprietary compression schemes.
Even passive, coarse-grained attacks can steal individual pixels due to data-dependent compression output affecting memory traffic.

arstechnica.com

Relevant topic timeline:

9/27/2023

Researchers Uncover New GPU Attack That Leaks Visual Data

Researchers from four American universities have discovered a new vulnerability called GPU.zip that uses data compression to leak sensitive visual data from modern graphics cards when visiting web pages, and as of September 2023, no affected GPU vendors or Google have released patches to address the issue.