Information leaks possible with novel GPU side-channel attack

Modern integrated graphics processing units, including those manufactured by AMD, Arm, Apple, Intel, Qualcomm, and Nvidia, could be targeted to expose sensitive data through the new GPU.zip side-channel attack, which exploits graphical data compression, The Hacker News reports. Exploitation of the iGPU-based compression channel could allow threat actors to conduct cross-origin pixel theft in Google Chrome and Microsoft Edge, which have SVG filters, reported researchers from the University of Texas at Austin, University of Illinois Urbana-Champaign, University of Washington, and Carnegie Mellon University. "The reason is that the attacker can create highly redundant or highly non-redundant patterns depending on a single secret pixel in the browser. As these patterns are processed by the iGPU, their varying degrees of redundancy cause the lossless compression output to depend on the secret pixel," said researchers. Researchers also noted that Apple Safari and Mozilla Firefox, as well as websites that no longer allow embedding by cross-origin sites, are not vulnerable to the GPU.zip attack.