Multiple Devices Integrated GPUs CVE-2018-10229 Security Bypass Vulnerability

by CIRT Team

Description: A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.

Impact: Upon visiting a malicious or compromised website with a vulnerable device, an attacker may be able to bypass security features provided by the web browser.

Mitigation: Apply an update. Google Chrome and Mozilla Firefox have released updates which disable high precision timers in the browser.

Reference URL’s:

• https://www.kb.cert.org/vuls/id/283803
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10229
• https://www.securityfocus.com/bid/104084/info
• https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts