Researchers have discovered a new cross-origin #attack which allows #malicious websites to read sensitive visual data displayed by other websites using GPUs from all major suppliers. The attack, named GPU.zip, bypasses the same origin policy and steals pixels one by one by exploiting data compression used by both internal and discrete GPUs. The attack works on GPUs provided by #Apple, #Intel, #AMD, #Qualcomm, #Arm, and #Nvidia, and affects both iGPUs and discrete GPUs.
https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
geeknik
npub1fk…gc5sk
2023-09-26 18:57:14
Author Public Key
npub1fk8rya2ra7lp8m60f8jrjg4yqfv2cc8dah8wqc49drccs3dqngzqtgc5skPublished at
2023-09-26 18:57:14Event JSON
{
"id": "10335834a4fa50e65ef784679d2fb2c2a2eb0762c539be8b58bd918559445822",
"pubkey": "4d8e327543efbe13ef4f49e43922a40258ac60ededcee062a568f18845a09a04",
"created_at": 1695754634,
"kind": 1,
"tags": [
[
"t",
"attack"
],
[
"t",
"malicious"
],
[
"t",
"apple"
],
[
"t",
"intel"
],
[
"t",
"amd"
],
[
"t",
"qualcomm"
],
[
"t",
"arm"
],
[
"t",
"nvidia"
],
[
"r",
"https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/"
]
],
"content": "Researchers have discovered a new cross-origin #attack which allows #malicious websites to read sensitive visual data displayed by other websites using GPUs from all major suppliers. The attack, named GPU.zip, bypasses the same origin policy and steals pixels one by one by exploiting data compression used by both internal and discrete GPUs. The attack works on GPUs provided by #Apple, #Intel, #AMD, #Qualcomm, #Arm, and #Nvidia, and affects both iGPUs and discrete GPUs.\n\nhttps://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/",
"sig": "c63f8c244d2992e3dd287ff62d7c76b7ae217aff97c55fc3ad8a181ed7463bd4529b1b851d19112f277ba9d2ce4a7aa0e8cefc904a6a9bb3bfe775c33594e948"
}