WebGPU API will endanger your data while boosting your performance

Researchers discovered a way to exploit the vulnerabilities of GPUs

Reading time icon 2 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

A WebGPU API on top of a GPU behind danger signs

The WebGPU browser API presents a high risk for your device. Even if the tool boosts your graphics performance while browsing, hackers can use it against you. After all, some browsers ask for your permission to access hardware to enable various tools and services. However, not all of them will need your input. So, by exploiting their vulnerabilities, wrongdoers can access your data and perform side-channel attacks.

What is a GPU attack?

A GPU side-channel attack allows threat actors to use your hardware against you, stealing sensitive data. However, they usually require your approval to access your hardware, which can be tricky for you. After all, sites ask for your permission to enable their APIs and Tools, such as the WebGPU API.

So, when you accept their request, hackers can use the software to access your GPU. Then, using its compressing tools, wrongdoers can steal bits of the data it uses. In addition, attackers abuse how the GPU workloads impact the timing and cache state to spy on you.

According to CyberKendra, one of the GPU methods used by researchers in their WebGPU API study was an inter-keystroke timing attack. The technique allows them to measure the time it takes for your GPU to process keyboard inputs. Thus, by using it, they can figure out if you use common characters or special ones. Also, the code of the attack runs in JavaScript, and researchers can use it more easily than the side-channel attack.

Researchers tried to make tech companies and browser vendors prioritize security. To do this, they showed their proof of concept attacks. However, they weren’t successful because letting us make security decisions we don’t understand could negatively impact our perception. So, they prefer the performance benefits of WebGPU API.

In summary, even if researchers found security vulnerabilities in WebGPU API, tech companies leave this matter in our hands. To protect your data, use a complicated password and only approve some requests from browsers. Additionally, there are a few ways to defend from browser attacks.

What are your thoughts? Will you continue using the WebGPU browser API to boost your performance? Let us know in the comments.

More about the topics: GPU, security, security threats