A team of researchers from the Graz University of Technology in Austria and the University of Rennes in France has demonstrated a new graphics processing unit (GPU) attack impacting several popular browsers and graphics cards.
The research focused on WebGPU, an API that enables web developers to use the underlying system’s GPU to carry out high-performance computations in a web browser. By leveraging this API, they have demonstrated an attack that works entirely from the web browser using JavaScript. This makes it easier to carry out remotely, but also limits the potential impact compared to previous attacks that require access to native GPU APIs.
The academic researchers described their work as one of the first GPU cache side-channel attacks from within a browser. The showed how the method can be leveraged for remote attacks, by getting the targeted user to access a website hosting malicious WebGPU code and stay on the site for several minutes while the exploit is being executed.
For instance, the exploit can be executed while the victim is reading an article on the malicious site. No other type of user interaction is required to conduct an attack.
The new method, the experts demonstrated, can be used for inter-keystroke timing attacks, which can allow inferring sensitive information such as passwords based on keystroke timing data. It can also be used to obtain GPU-based AES encryption keys within a few minutes, as well as for covert data exfiltration channels with transmission rates of up to 10 Kb/s.
“Our work emphasizes that browser vendors need to treat access to the GPU similar to other security- and privacy-related resources,” the researchers noted.
Lukas Giner, one of the researchers involved in the project, told SecurityWeek that while the attacks they demonstrated are not “extremely strong”, they do demonstrate the potential risks posed by browsers giving any website access to the host system’s graphic’s card without specifically requesting permission.
“This can lead to stealthy attacks like ours (or potentially worse ones in the future), or websites simply using the GPU for things like crypto mining with the user being totally oblivious,” Giner explained.
The research targeted 11 desktop graphics cards: two RX series products from AMD, and nine GTX, RTX and Quadro series products from NVIDIA. The attack targets browsers with WebGPU support, which includes Chrome, Chromium, Edge, and Firefox Nightly.
“By targeting web browsers, our threat model includes any scenario where a browser might run while sensitive information is being processed. Because the entire system usually shares the GPU, this can include anything rendered (such as websites or applications) and general-purpose computing operations,” the researchers wrote in a paper detailing their work.
Mozilla, AMD, NVIDIA and Chromium developers have been notified. AMD has published an advisory saying that it “does not believe that any exploit against AMD products is demonstrated by the researchers”.
The researchers said none of the other companies plan on taking any action either.
Giner said they suggested a permission pop-up in the browser, such as the one requesting microphone or camera access. The Chromium team, however, said it had found that asking users to make security decisions whose implications they don’t comprehend adds friction without making them safer.
A small proof-of-concept (PoC) has been made available. It shows whether WebGPU is available and conducts a harmless attack in the browser.
*updated to rephrase response from Chromium team. Also updated third paragraph to clarify that this is one of the first GPU cache side-channel attacks from within a browser, rather than ‘the first’ attack of this kind. This was the first attack when the paper was being written, but others have since conducted similar research with different targets.
Related: New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
Related: AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs
