GPUs from all major suppliers are vulnerable to new pixel-stealing attack

Lee Duna@lemmy.nz · 1 year ago

GPUs from all major suppliers are vulnerable to new pixel-stealing attack

originalucifer@moist.catsweat.com · 1 year ago

on Chromium they should state. its a combo of GPU and the app failing to isolate cross-domain data… leaking it.

Firefox is not vulnerable… just chrome/edge, etc.

ares35@kbin.social · 1 year ago

chromium is used in a lot of things.

themoonisacheese@sh.itjust.works · 1 year ago

Yes, but while electron apps are technically vulnerable, they tighly control what sites you visit and they do not hold session cookies for non-public info to be stolen.

dust_accelerator@discuss.tchncs.de · 1 year ago

While true, that’s not the message here. While chromium is in a lot of things, browsers for everyday use (like banking etc.) is a huge part. You can’t control what services you rely on use as a basis for their software, but you can absolutely not use the software and/or opt for the website instead.

If you can reduce your exposure to that vulnerability by a large fraction by simply switching browsers with equivalent experience, it should absolutely be mentioned. In fact, it could even be seen as an obligation/core purpose of news outlets.

webghost0101@sopuli.xyz · 1 year ago

Including steam

Wahots@pawb.social · 1 year ago

For GPU.zip to work, a malicious page must be loaded into the Chrome or Edge browsers. Under-the-hood differences in the way Firefox and Safari work prevent the attack from succeeding when those browsers process an attack page.

Lol, amazing.

johnyrocket@feddit.ch · 1 year ago

Firefox ftw!!!

Psythik@lemm.ee · 1 year ago

GPUs from all six of the major suppliers

Wait, what? Six? There’s AMD, Nvidia, and Intel. Who are the other three? Are they counting mobile chips made by Apple, Qualcomm, and Samsung as GPUs?

Schmeckinger@feddit.de · edit-2 1 year ago

On top of my head there is AMD, Nvidia, Intel, ARM, Qualcomm, Broadcom, Apple. Samsung licenses their GPU’s from ARM and AMD as far as I know. Also why wouldn’t you count the other manufacturers? There are certainly more ARM IP GPU’s in use than AMD and NVIDIA and Apple is probably up there too, especially with the M1 and M2 launch.

𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one · 1 year ago

Does VIA still make onboard GPUs?

Schmeckinger@feddit.de · 1 year ago

Yeah for Zhaoxin, but that’s for the chinese market.

Funderpants @lemmy.ca · 1 year ago

Not my pixels!

ebits21@lemmy.ca · 1 year ago

MINE

some_guy@lemmy.sdf.org · 1 year ago

The attack works on GPUs provided by Apple, Intel, AMD, Qualcomm, Arm, and Nvidia.

Even new(ish) GPUs from Apple. Sounds like a flaw in the product category, not just certain implementations.