In GPU interface

Graz researchers discover browser security vulnerability

Researchers at TU Graz discovered a security vulnerability that threatens web browsers.

(Bild: ©insta_photos - stock.adobe.com)

WebGPU is designed to improve the performance of graphics cards on the web. However, the browser interface, which is currently under active development, also harbors risks: a research team from Graz University of Technology has discovered a security vulnerability in the interface and was able to spy on information with the help of WebGPU, as the Graz University of Technology reported on Monday. Browser manufacturers have already been informed.

Websites place ever-increasing demands on the computing power of computers. For this reason, web browsers have had access to the computing capacities of the graphics processing unit (GPU) in addition to the CPU of a computer for several years. The scripting language JavaScript can use the GPU resources via the new WebGPU interface. However, malicious JavaScript can also be used by attackers to obtain information on data, keystrokes and encryption keys on other computers, as researchers from the Institute of Applied Information Processing and Communication Technology at TU Graz have demonstrated. "With our work, we want to clearly point out to browser manufacturers that they need to deal with access to the GPU in the same way as with other resources that affect security and privacy," emphasized Lukas Giner from the Institute of Applied Information Processing and Communication Technology at TU Graz.

The interface is intended to give the browser easier access to the graphics processor. However, there are risks involved.

(Bild: stock.adobe.com)

WebGPU was developed as an interface that enables accelerated graphics and computer calculations and is intended to revolutionize the way we interact with the web. The new standard is still under active development, but browsers such as Chrome, Chromium, Microsoft Edge and test versions of Firefox already rely on the new technology, according to the Graz University of Technology.

Three different attack vectors
The research team carried out three different attacks on different systems. For their attacks, they used the access to the computer's cache memory available via WebGPU. It is intended for particularly fast and short-term data access from the CPU and GPU. This side channel was used to obtain meta-information that allows conclusions to be drawn about security-relevant information: the team was able to track changes in the cache by filling it themselves using code in the JavaScript via WebGPU and monitoring when their own data was removed from the cache by input. This made it possible to analyze keystrokes relatively quickly and accurately.

By segmenting the cache more finely, the "TU spies" working in the service of cyber security were also able to set up their own secret communication channel in a second attack, in which filled and unfilled cache segments served as zeros and ones and thus as the basis for binary codes. Using around 1,000 of these cache segments, they achieved transmission speeds of up to 10.9 kilobytes per second, which was fast enough to transmit simple information. Attackers could use such a communication channel to extract data that they could read using other attacks in areas of the computer that are separated from the Internet, it was emphasized.

Encryption also vulnerable
The third attack targeted the encryption used to encode documents, connections and servers (AES). Here, too, they filled up the cache - but this time with their own AES encryption. The reaction of the cache to this identified the locations in the system that are responsible for encryption and where the keys of the attacked system are tapped.

"We have of course communicated the findings of our work to the browser manufacturers in advance and we hope that they will take this issue into account in the further development of WebGPU," said Roland Czerny from the Institute of Applied Information Processing and Communication Technology at TU Graz. The experiments and the resulting publication will also be presented in Singapore at the ACM Asia Conference on Computer and Communications Security in July.