GLitch vulnerability status
Vulnerability description
The GLitch vulnerability uses timing information gathered from the GPU to execute a Rowhammer-style bit-flip attack. High-precision GPU timers can be used from an untrusted web page via WebGL to determine the physical layout of memory pages. GL shaders running on the GPU are then used to cause bit flips in CPU-accessible DRAM on unified memory architecture GPUs.
Successful exploitation would enable an attacker to escalate privileges from Javascript. This has been demonstrated to allow arbitrary code execution within the Chrome sandbox.
Chrome OS response
Chrome OS 65, released to the stable channel on April 5, 2018, mitigates the remote vector of the GLitch vulnerability on all Chrome OS devices by removing access to high-precision WebGL timers. Users can enable Site Isolation for further protection.
Affected devices
Chrome OS Intel devices are protected against GLitch and other Rowhammer-style bit flips by either using double refresh; or TRR on DDR4 RAM, if supported. Chrome OS ARM devices use DDR3 RAM, which is theoretically vulnerable to Rowhammer-style attacks; however, bit flips have not been reproduced on these devices. No further action is necessary for Chrome OS ARM devices at the moment.