This attack allows malicious sites to read sensitive visual data, including usernames and passwords, displayed on other sites. By leveraging data compression used by both onboard and discrete graphics processors, the attack allows you to bypass the same-origin policy, one of the main limits of Internet security.
The attack is limited to Google Chrome and Microsoft Edge browsers and requires permission settings for iframes, rendering of SVG filters on iframes, and GPU rendering tasks. The researchers emphasized that although GPU.zip does not pose an immediate threat, it highlights the importance of sound web development practices and the need to re-evaluate trust in hardware as the “root of trust.” The research results will be presented at the 45th IEEE Security and Privacy Symposium.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
