Google researchers demonstrated in March that a bug affecting some dynamic random-access memory (DRAM) chips can be exploited to gain kernel privileges on Linux and other systems.
The vulnerability exists because the memory cells in DRAM chips have been placed very close together to increase capacity and decreasing size. This makes it more difficult to prevent cells from electrically interacting with each other. Repeatedly accessing specific memory locations causes bit flips which, as Google researchers demonstrated, can be used for privilege escalation.
However, the exploits created by Google experts have been written in native code, they rely on special instructions, and they require physical access to the targeted machine.
Some hardware manufacturers, including Apple, have already started releasing BIOS updates to mitigate Rowhammer attacks. However, since many users never update the BIOS, experts propose a different approach. They advise browser vendors to integrate Rowhammer protection mechanisms in their products.