"New GPU Side-Channel Attack Exposes Major Suppliers' Vulnerabilities"
Researchers have discovered a new side-channel attack called GPU.zip that exploits graphical data compression in modern GPUs, rendering them vulnerable to information leakage. The attack can be used to steal pixels from a cross-origin iframe in web browsers, bypassing critical security boundaries such as same-origin policy. Chrome and Microsoft Edge are particularly susceptible, while Firefox and Safari are not impacted. The attack can be mitigated by denying cross-origin embedding and implementing X-Frame-Options and Content Security Policy rules.