New Research Exposes Privacy Risks of WebGPU Browser API

A team of academics has published a research paper demonstrating how the WebGPU API, designed to boost graphics performance in web browsers, can be abused to conduct side-channel attacks and extract sensitive data. Their findings underscore potential privacy implications as browsers grant websites increasing access to system hardware like graphics processing units (GPUs).

The research was conducted by Michael Schwarz, Clémentine Maurice and Daniel Gruss from the Graz University of Technology and Gilles Muller from the University of Rennes. 

It centres on WebGPU, a new web standard that allows websites to leverage the computational power of the user's GPU for accelerated graphics rendering and parallel computing.

While enabling richer web applications, the researchers found this direct GPU access also opens the door to timing and cache side-channel attacks that can leak sensitive information like passwords and encryption keys.

"Our work emphasizes that browser vendors need to treat access to the GPU similar to other security- and privacy-related resources," the researchers warned in their paper.

The Exploiting GPU Side-Channels from the Web

At its core, the attack technique abuses how different GPU workloads impact the timing and cache state of the graphics processor. By carefully analyzing these impacts through WebGPU, the researchers could extract information about other processes using the shared GPU resource. The academic researchers described their work as one of the first GPU cache side-channel attacks from within a browser.

One demonstrated attack was an inter-keystroke timing attack able to infer keystrokes and passwords by detecting microsecond timing variations caused by concurrent keyboard input processing on the GPU. The attack code runs entirely in JavaScript in the web browser, making it relatively simple to deploy compared to previous GPU side-channel attacks requiring native code execution. [PDF] 

The researchers have shared a small proof-of-concept running a harmless WebGPU timing attack which was published to raise awareness.

Another attack extracted an AES encryption key used for a GPU-accelerated encryption process within just a few minutes by monitoring cache access patterns. The researchers also achieved data exfiltration rates up to 10 Kb/s by encoding stolen data into a GPU cache state.

While not extremely high-impact, these proof-of-concept attacks demonstrate the unexpected privacy risks of granting ubiquitous web code direct hardware access without sufficient isolation or permission checks.

"This can lead to stealthy attacks like ours (or potentially worse ones in the future), or websites simply using the GPU for things like crypto mining with the user being totally oblivious," explained Lukas Giner, one of the researchers.

Industry Reacts, But Action Lacking

The research paper evaluated 11 consumer and professional GPUs from AMD and NVIDIA, finding all were vulnerable to some form of WebGPU side-channel attack when used with browsers supporting the API like Chrome, Edge and Firefox.

After being notified, Mozilla, AMD, NVIDIA and Chromium developers were made aware, but initially showed little urgency in mitigating the issues. AMD published an advisory stating it didn't believe a working exploit was demonstrated by the research team.

The researchers argued that browser vendors should treat GPU access similarly to other security-sensitive resources like microphones and cameras which require explicit user permission.  However, the Chromium team responded that asking users to make security decisions they don't understand adds friction without improving safety.

Ultimately, no immediate mitigations appear to be planned, with browser vendors prioritizing WebGPU's performance benefits over potential side-channel risks for now. 

While the full impact remains unclear, this research exposes a new front in the ongoing battle between browser privacy and cutting-edge web capabilities. As GPU-accelerated web apps become more common, finding the right balance between utility and isolating sensitive compute resources will be crucial.

"Browser vendors need to be very careful about just exposing all the system's hardware resources to the web without rigorous security checks and permissions," Giner warned about the implications of direct GPU access from web code.

Only time will tell if these new side-channel attacks remain a theoretical curiosity or evolve into a legitimate privacy threat as WebGPU and similar hardware-accelerated browser APIs see wider adoption. However, this research has sparked an important conversation about the complex security ramifications of modern web platforms.