Multiple Devices Integrated GPUs CVE-2018-10229 Security Bypass Vulnerability

by CIRT Team

Description: A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.

Impact: Upon visiting a malicious or compromised website with a vulnerable device, an attacker may be able to bypass security features provided by the web browser.

Mitigation: Apply an update. Google Chrome and Mozilla Firefox have released updates which disable high precision timers in the browser.

Reference URL’s:

• https://www.kb.cert.org/vuls/id/283803
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10229
• https://www.securityfocus.com/bid/104084/info
• https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf

CIRT Team

Recommended Posts

Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers

08 Feb 2024 - Articles, English articles, Security Advisories & Alerts

বাংলাদেশের আইটি কাঠামোয় তথ্য চুরির ম্যালওয়ারের বিস্তার সম্পর্কে সতর্কতা

18 Jan 2024 - Articles, Bangla Articles, News, Security Advisories & Alerts

সাইবার থ্রেট এলার্টঃ বাংলাদেশকে লক্ষ্য করে চলমান ফিশিং ক্যাম্পেইন

04 Jan 2024 - News, Security Advisories & Alerts