Researchers have proved that a web-based attack can exploit a roblem affecting densely packed memory chip cells. As DRAM has been scaling to increase in density, the cells are less isolated from each other. Recent studies have found that repeated accesses to DRAM rows can cause random bit flips in an adjacent row, resulting in the so called "Rowhammer"bug. This bug has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions to flush data from the cache.
Rowhammer.js, was tested in Firefox 39, "but our attack technique is generic and can be applied to any architecture, programming language and runtime environment," they wrote.
It also doesn't require physical access to a computer, which makes it a lot more dangerous. That also means that large numbers of people could be targeted over the Web, increasing its potential victim pool.
"Since the attack can be performed on an arbitrary number of victim machines simultaneously and stealthily, it poses an enormous security threat," the researchers wrote.
In addition, many different types of computers are vulnerable, regardless of operating system, as the rowhammer bug affects many kinds of microchip architectures. The researchers are still figuring how exactly how many systems would be vulnerable to their attack.
So far, the researchers have not developed an exploit that would give root access to a computer using rowhammering, but they expect attackers eventually to expand on the capabilities of the exploit they discovered.
Until a longer term solution to Rowhammer.js is found, the researchers proposed that Web browsers should be updated to include a test to figure out if a computer is vulnerable.