"New GPU Side-Channel Attack Exposes Major Suppliers' Vulnerabilities"

September 27, 2023 at 12:55 PM

•

1 min read

"New GPU Side-Channel Attack Exposes Major Suppliers' Vulnerabilities" — Photo: The Hacker News

TL;DR Summary

Researchers have discovered a new side-channel attack called GPU.zip that exploits graphical data compression in modern GPUs, rendering them vulnerable to information leakage. The attack can be used to steal pixels from a cross-origin iframe in web browsers, bypassing critical security boundaries such as same-origin policy. Chrome and Microsoft Edge are particularly susceptible, while Firefox and Safari are not impacted. The attack can be mitigated by denying cross-origin embedding and implementing X-Frame-Options and Content Security Policy rules.

Topics:technology #gpu #graphics-processing-units #information-leakage #side-channel-attack #vulnerability-endpoint-security #web-browser-security

Share this article

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data The Hacker News
GPUs from all major suppliers are vulnerable to new pixel-stealing attack Ars Technica
Modern GPUs vulnerable to new GPU.zip side-channel attack BleepingComputer
GPUs from Nvidia, AMD, Intel, and Others Vulnerable to Pixel-Stealing GPU-zip Attack Tom's Hardware
New GPU Side-Channel Attack Allows Malicious Websites to Steal Data SecurityWeek
View Full Coverage on Google News

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

86%

555 → 77 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights