Security News > 2024 > June > New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems
A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension to leak data with over a 95% chance of success, allowing hackers to bypass the security feature.
The paper, co-signed by a team of Korean researchers from Samsung, Seoul National University, and the Georgia Institute of Technology, demonstrates the attack against Google Chrome and the Linux kernel.
MTE is a feature added in the ARM v8.5-A architecture, designed to detect and prevent memory corruption.
The system uses low-overhead tagging, assigning 4-bit tags to 16-byte memory chunks, to protect against memory corruption attacks by ensuring that the tag in the pointer matches the accessed memory region.
The researchers demonstrated the effectiveness of TIKTAG-v2 gadgets against the Google Chrome browser, particularly the V8 JavaScript engine, opening up the path to exploiting memory corruption vulnerabilities in the renderer process.
"As Allocation Tags are not expected to be a secret to software in the address space, a speculative mechanism that reveals the correct tag value is not considered a compromise of the principles of the architecture," reads the ARM bulletin.
News URL
Related news
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- Google Chrome’s AI feature lets you quickly check website trustworthiness (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor (source)
- ESET researchers analyze first UEFI bootkit for Linux systems (source)
- BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)