Why wouldn’t it be possible? That’s the scary thing about these hardware-level bugs: anything that can execute code could potentially trigger it, and all of a sudden all the fences that the OS and runtime environment put up to sandbox processes and whatnot don’t mean anything, because it all rests on the assumption that the CPU is not flawed.
For example: Spectre and Meltdown were exploitable via JavaScript, and this is a similar kind of vulnerability.
Sources:
And you can actually see it in action here: https://www.youtube.com/watch?v=V_9cQP60ZGI
Here is an alternative Piped link(s): https://piped.video/watch?v=V_9cQP60ZGI
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.