Researchers Showcase Javascript-based Attack On a Computer's DRAM

Enterprise & IT Jul 30, 2015

Researchers have proved that a web-based attack can exploit a problem affecting densely packed memory chip cells. As DRAM has been scaling to increase in density, the cells are less isolated from each other. Recent studies have found that repeated accesses to DRAM rows can cause random bit flips in an adjacent row, resulting in the so-called "Rowhammer" bug. This bug has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions to flush data from the cache.

In a paper co-authored by Daniel Gruss and Stefan Mangard of Graz University of Technology in Austria, and Clementine Maurice of Technicolor and Eurecom in France, the researchers presented Rowhammer.js, a JavaScript-based implementation of the Rowhammer attack. The attack uses an eviction strategy found by a generic algorithm that improves the eviction rate compared to existing eviction strategies from 95.2% to 99.99%.

Rowhammer.js is the first remote software-induced hardware-fault attack. In contrast to other fault attacks it does not require physical access to the machine, or the execution of native code or access to special instructions. As JavaScript-based fault attacks can be performed on millions of users stealthily and simultaneously, the researchers propose countermeasures that can be implemented immediately.

Rowhammer.js was tested in Firefox 39, "but our attack technique is generic and can be applied to any architecture, programming language and runtime environment," they wrote.

It also doesn't require physical access to a computer, which makes it a lot more dangerous. That also means that large numbers of people could be targeted over the Web, increasing its potential victim pool.

"Since the attack can be performed on an arbitrary number of victim machines simultaneously and stealthily, it poses an enormous security threat," the researchers wrote.

In addition, many different types of computers are vulnerable, regardless of operating system, as the Rowhammer bug affects many kinds of microchip architectures. The researchers are still figuring out exactly how many systems would be vulnerable to their attack.

So far, the researchers have not developed an exploit that would give root access to a computer using rowhammering, but they expect attackers eventually to expand on the capabilities of the exploit they discovered.

Until a longer-term solution to Rowhammer.js is found, the researchers proposed that Web browsers should be updated to include a test to figure out if a computer is vulnerable.

Another option for users is to completely disable JavaScript using a browser extension such as NoScript.

Tags: Hacking