The analysis focused on Prime+Probe, a cache side-channel attack that detects which cache sets the target accesses and uses those access patterns to infer potentially valuable information.
The attack has been successfully tested — with varying degrees of success depending on the targeted architecture and the mitigations in place — against hardened browser environments (e.g. Tor, Chrome Zero, DeterFox) on devices with Intel, AMD, Samsung and Apple chips.
Impacted vendors have been notified. Apple told the researchers that the public disclosure of their findings does not raise any concerns.
“We show that advanced variants of the cache contention attack allow Prime+Probe attacks to be mounted through the browser in extremely constrained situations,” the researchers said in their paper. “Cache attacks cannot be prevented by reduced timer resolution, by the abolition of timers, threads, or arrays, or even by completely disabling scripting support. This implies that any secret-bearing process which shares cache resources with a browser connecting to untrusted websites is potentially at risk of exposure.”