A team of researchers from universities in Australia, the United States and Israel have presented a side-channel attack that is carried out using a browser and does not require JavaScript. Scientists tested the attack on a wide range of platforms, including devices with Apple's new secure M1 chips.
The researchers called their attack the first browser-based side-channel attack using only CSS and HTML and working even with JavaScript completely disabled. It is based on the Prime + Probe method, which allows you to determine which cache sets the attacked target is accessing and use this information to display potentially valuable information.
The execution of such attacks in the browser usually involves the use of JavaScript codes and time measurements. Browser manufacturers are actively working to protect against them, in particular by limiting or completely blocking the execution of JavaScript codes, as well as by making it difficult for attackers to measure time. However, an international team of researchers developed a sequence of attacks in which they managed to significantly reduce their dependence on JavaScript and bypass all security measures implemented by browser manufacturers.
The attack has been successfully tested (with varying success rates depending on the target architecture and existing defenses) in secure browser environments (Tor, Chrome Zero, DeterFox) on devices powered by Intel, AMD, Samsung and Apple chips.
All affected vendors have been notified. According to Apple, the publication of the research results does not cause any concern to it.