Connect with us

Hi, what are you looking for?



New Attack Shows Risks of Browsers Giving Websites Access to GPU 

Researchers demonstrate remote GPU cache side-channel attack from within browsers against AMD and NVIDIA graphics cards.

GPU attack

A team of researchers from the Graz University of Technology in Austria and the  University of Rennes in France has demonstrated a new graphics processing unit (GPU) attack impacting several popular browsers and graphics cards.

The research focused on WebGPU, an API that enables web developers to use the underlying system’s GPU to carry out high-performance computations in a web browser. By leveraging this API, they have demonstrated an attack that works entirely from the web browser using JavaScript. This makes it easier to carry out remotely, but also limits the potential impact compared to previous attacks that require access to native GPU APIs.

The academic researchers described their work as one of the first GPU cache side-channel attacks from within a browser. The showed how the method can be leveraged for remote attacks, by getting the targeted user to access a website hosting malicious WebGPU code and stay on the site for several minutes while the exploit is being executed. 

For instance, the exploit can be executed while the victim is reading an article on the malicious site. No other type of user interaction is required to conduct an attack.

The new method, the experts demonstrated, can be used for inter-keystroke timing attacks, which can allow inferring sensitive information such as passwords based on keystroke timing data. It can also be used to obtain GPU-based AES encryption keys within a few minutes, as well as for covert data exfiltration channels with transmission rates of up to 10 Kb/s.

“Our work emphasizes that browser vendors need to treat access to the GPU similar to other security- and privacy-related resources,” the researchers noted.

Lukas Giner, one of the researchers involved in the project, told SecurityWeek that while the attacks they demonstrated are not “extremely strong”, they do demonstrate the potential risks posed by browsers giving any website access to the host system’s graphic’s card without specifically requesting permission. 

“This can lead to stealthy attacks like ours (or potentially worse ones in the future), or websites simply using the GPU for things like crypto mining with the user being totally oblivious,” Giner explained. 

Advertisement. Scroll to continue reading.

The research targeted 11 desktop graphics cards: two RX series products from AMD, and nine GTX, RTX and Quadro series products from NVIDIA. The attack targets browsers with WebGPU support, which includes Chrome, Chromium, Edge, and Firefox Nightly. 

“By targeting web browsers, our threat model includes any scenario where a browser might run while sensitive information is being processed. Because the entire system usually shares the GPU, this can include anything rendered (such as websites or applications) and general-purpose computing operations,” the researchers wrote in a paper detailing their work. 

Mozilla, AMD, NVIDIA and Chromium developers have been notified. AMD has published an advisory saying that it “does not believe that any exploit against AMD products is demonstrated by the researchers”. 

The researchers said none of the other companies plan on taking any action either. 

Giner said they suggested a permission pop-up in the browser, such as the one requesting microphone or camera access. The Chromium team, however, said it had found that asking users to make security decisions whose implications they don’t comprehend adds friction without making them safer.

A small proof-of-concept (PoC) has been made available. It shows whether WebGPU is available and conducts a harmless attack in the browser. 

*updated to rephrase response from Chromium team. Also updated third paragraph to clarify that this is one of the first GPU cache side-channel attacks from within a browser, rather than ‘the first’ attack of this kind. This was the first attack when the paper was being written, but others have since conducted similar research with different targets.

Related: New GPU Side-Channel Attack Allows Malicious Websites to Steal Data

Related: AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

Check Point Software has appointed Nadav Zafrir as Chief Executive Officer.

BlackFog has named Brenda Robb as President, John Sarantakes as CRO, and Mark Griffith as VP of Strategic Sales.

Former NSA cybersecurity chief Rob Joyce has joined Sandfly Security's Advisory Board.

More People On The Move

Expert Insights