author	Allan Sandfeld Jensen <allan.jensen@qt.io>	2022-02-04 17:20:24 +0100
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2022-02-12 08:15:25 +0000
commit	8fa0776f1f79e91fc9c0b9c1ba11a0a29c05196b (patch)
tree	788d8d7549712682703a0310ca4a0f0860d4802b /chromium/docs/website/site/chromium-os/glitch-vulnerability-status/index.md
parent	606d85f2a5386472314d39923da28c70c60dc8e7 (diff)
download	qtwebengine-chromium-8fa0776f1f79e91fc9c0b9c1ba11a0a29c05196b.tar.gz
BASELINE: Update Chromium to 98.0.4758.90
Change-Id: Ib7c41539bf8a8e0376bd639f27d68294de90f3c8
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/docs/website/site/chromium-os/glitch-vulnerability-status/index.md')
-rw-r--r--	chromium/docs/website/site/chromium-os/glitch-vulnerability-status/index.md	39
1 files changed, 39 insertions, 0 deletions
diff --git a/chromium/docs/website/site/chromium-os/glitch-vulnerability-status/index.md b/chromium/docs/website/site/chromium-os/glitch-vulnerability-status/index.md
new file mode 100644
index 00000000000..a60997fadbc
--- /dev/null
+++ b/chromium/docs/website/site/chromium-os/glitch-vulnerability-status/index.md
@@ -0,0 +1,39 @@
+---
+breadcrumbs:
+- - /chromium-os
+ - Chromium OS
+page_name: glitch-vulnerability-status
+title: GLitch vulnerability status
+---
+
+## Vulnerability description
+
+The [GLitch
+vulnerability](https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf) uses
+timing information gathered from the GPU to execute a
+[Rowhammer-style](https://en.wikipedia.org/wiki/Row_hammer) bit-flip attack.
+High-precision GPU timers can be used from an untrusted web page via WebGL to
+determine the physical layout of memory pages. GL shaders running on the GPU are
+then used to cause bit flips in CPU-accessible DRAM on unified memory
+architecture GPUs.
+
+Successful exploitation would enable an attacker to escalate privileges from
+Javascript. This has been demonstrated to allow arbitrary code execution within
+the Chrome sandbox.
+
+## Chrome OS response
+
+Chrome OS 65, released to the stable channel on [April 5,
+2018](https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-chrome-os.html),
+mitigates the remote vector of the GLitch vulnerability on all Chrome OS devices
+by removing access to high-precision WebGL timers. Users can [enable Site
+Isolation](http://www.chromium.org/Home/chromium-security/site-isolation) for
+further protection.
+
+## Affected devices
+
+Chrome OS Intel devices are protected against GLitch and other Rowhammer-style
+bit flips by either using double refresh; or TRR on DDR4 RAM, if supported.
+Chrome OS ARM devices use DDR3 RAM, which is theoretically vulnerable to
+Rowhammer-style attacks; however, bit flips have not been reproduced on these
+devices. No further action is necessary for Chrome OS ARM devices at the moment. \ No newline at end of file
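Review bot: The new index.md ends without a trailing newline ("\ No newline at end of file" after the last line of the "Affected devices" section); add a final newline so later edits to this page do not produce a spurious diff on the last line. Two smaller points in the same hunk: "Javascript" in the "Vulnerability description" section should be spelled "JavaScript", and the Site Isolation link in "Chrome OS response" uses a plain http:// URL to chromium.org, where https:// would be the expected form for a security page. In "Affected devices", the sentence "by either using double refresh; or TRR on DDR4 RAM, if supported." reads more clearly with a comma than a semicolon, and it would help readers if the page spelled out TRR (target row refresh) on first use.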