New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack.
"Despite their in-DRAM Target Row Refresh mitigations, some of the most recent DDR4 modules are still vulnerable to many-sided Rowhammer bit flips," the researchers said.
By synchronizing memory requests with DRAM refresh commands, the researchers developed an end-to-end JavaScript exploit that can fully compromise the Firefox browser in 15 minutes on average, proving that web users remain at risk from such attacks.
Multiple methods have since been devised that expand on the methods and exploitation scenarios of the original Rowhammer research to bypass protections put in place, launch attacks via JavaScript, network packets, and field-programmable gate array (FPGA) cards, and even read sensitive memory data from other processes running on the same hardware.
In response to the findings, industry-wide countermeasures like Target Row Refresh (TRR) were billed as the "ultimate solution" for all the aforementioned Rowhammer attack versions, until VU researchers in March 2020 demonstrated a fuzzing tool called "TRRespass" that could be used to make Rowhammer attacks work on the TRR-protected DDR4 cards.
Specifically, the exploit chain is initiated when a victim visits a malicious website under the adversary's control or a legitimate website that contains a malicious ad, taking advantage of the Rowhammer bit flips triggered from within the JavaScript sandbox to gain control over the victim's browser.