Multiple Devices Integrated GPUs CVE-2018-10229 Security Bypass Vulnerability
by CIRT Team
Description: A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.
Impact: Upon visiting a malicious or compromised website with a vulnerable device, an attacker may be able to bypass security features provided by the web browser.
Mitigation: Apply an update. Google Chrome and Mozilla Firefox have released updates which disable high precision timers in the browser.
Reference URL’s:
- https://www.kb.cert.org/vuls/id/283803
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10229
- https://www.securityfocus.com/bid/104084/info
- https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf
Recommended Posts
Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages
08 Oct 2024 - Security Advisories & Alerts