Connect with us

Hi, what are you looking for?



New Attack Shows Risks of Browsers Giving Websites Access to GPU 

Researchers demonstrate remote GPU cache side-channel attack from within browsers against AMD and NVIDIA graphics cards.

GPU attack

A team of researchers from the Graz University of Technology in Austria and the  University of Rennes in France has demonstrated a new graphics processing unit (GPU) attack impacting several popular browsers and graphics cards.

The research focused on WebGPU, an API that enables web developers to use the underlying system’s GPU to carry out high-performance computations in a web browser. By leveraging this API, they have demonstrated an attack that works entirely from the web browser using JavaScript. This makes it easier to carry out remotely, but also limits the potential impact compared to previous attacks that require access to native GPU APIs.

The academic researchers described their work as one of the first GPU cache side-channel attacks from within a browser. The showed how the method can be leveraged for remote attacks, by getting the targeted user to access a website hosting malicious WebGPU code and stay on the site for several minutes while the exploit is being executed. 

For instance, the exploit can be executed while the victim is reading an article on the malicious site. No other type of user interaction is required to conduct an attack.

The new method, the experts demonstrated, can be used for inter-keystroke timing attacks, which can allow inferring sensitive information such as passwords based on keystroke timing data. It can also be used to obtain GPU-based AES encryption keys within a few minutes, as well as for covert data exfiltration channels with transmission rates of up to 10 Kb/s.

“Our work emphasizes that browser vendors need to treat access to the GPU similar to other security- and privacy-related resources,” the researchers noted.

Lukas Giner, one of the researchers involved in the project, told SecurityWeek that while the attacks they demonstrated are not “extremely strong”, they do demonstrate the potential risks posed by browsers giving any website access to the host system’s graphic’s card without specifically requesting permission. 

“This can lead to stealthy attacks like ours (or potentially worse ones in the future), or websites simply using the GPU for things like crypto mining with the user being totally oblivious,” Giner explained. 

Advertisement. Scroll to continue reading.

The research targeted 11 desktop graphics cards: two RX series products from AMD, and nine GTX, RTX and Quadro series products from NVIDIA. The attack targets browsers with WebGPU support, which includes Chrome, Chromium, Edge, and Firefox Nightly. 

“By targeting web browsers, our threat model includes any scenario where a browser might run while sensitive information is being processed. Because the entire system usually shares the GPU, this can include anything rendered (such as websites or applications) and general-purpose computing operations,” the researchers wrote in a paper detailing their work. 

Mozilla, AMD, NVIDIA and Chromium developers have been notified. AMD has published an advisory saying that it “does not believe that any exploit against AMD products is demonstrated by the researchers”. 

The researchers said none of the other companies plan on taking any action either. 

Giner said they suggested a permission pop-up in the browser, such as the one requesting microphone or camera access. The Chromium team, however, said it had found that asking users to make security decisions whose implications they don’t comprehend adds friction without making them safer.

A small proof-of-concept (PoC) has been made available. It shows whether WebGPU is available and conducts a harmless attack in the browser. 

*updated to rephrase response from Chromium team. Also updated third paragraph to clarify that this is one of the first GPU cache side-channel attacks from within a browser, rather than ‘the first’ attack of this kind. This was the first attack when the paper was being written, but others have since conducted similar research with different targets.

Related: New GPU Side-Channel Attack Allows Malicious Websites to Steal Data

Related: AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.