In the opening, the researchers note that the usual fix to prevent cache-based side-channel attacks through browsers is to “disable or restrict JavaScript features deemed essential for carrying out attacks” with the goal to find out how effective that approach is. Interestingly, the findings say Apple’s M1 and Samsung’s Exynos chips can sometimes be more susceptible to these novel attacks.Ĭornell University published the new security paper by a group of researchers from University of Michigan, Ben-Gurion University of the Negev, and University of Adelaide (via The 8-bit).
The JavaScript-free attack has been found to work across most modern CPUs including Intel, AMD, Samsung, and Apple Silicon. A group of researchers has uncovered what looks to be the first browser-based side-channel attack that’s built entirely from CSS and HTML.