The research focused on WebGPU, an API that enables web developers to use the underlying system’s GPU to carry out high-performance computations in a web browser. By leveraging this API, they have demonstrated an attack that works entirely from the web browser using JavaScript. This makes it easier to carry out remotely, but also limits the potential impact compared to previous attacks that require access to native GPU APIs.
The academic researchers described their work as the first GPU cache side-channel attack from within a browser. The showed how the method can be leveraged for remote attacks, by getting the targeted user to access a website hosting malicious WebGPU code and stay on the site for several minutes while the exploit is being executed.
