Simple JavaScript hack breaks most chip protection

Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and that breaks address space layout randomization (ASLR) protection on at least 22 microprocessor architectures.

This includes hardware from Intel, AMD, ARM, Allwinner, Nvidia and all the other names in the industry.

Dubbed ASLRCache, or AnC, the attack focuses on the memory management unit (MMU), a lesser-known component of many CPU architectures, which improves performance for cache management operations.

The researchers worked out that this component shares some of its cache with untrusted applications, including browsers.

All it took was a bit of malicious JavaScript that specifically targeted this shared memory space and attempted to read its content.

Basically, the AnC attack can break ASLR and allow the attacker to read portions of the computer’s memory. From there it is possible to launch more complex exploits and escalate access to the entire OS.