{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/gpu/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.6,"id":"CVE-2026-7333"}],"_cs_exploited":false,"_cs_products":["Chrome","Edge"],"_cs_severities":["critical"],"_cs_tags":["use-after-free","chromium","gpu","cve-2026-7333","remote code execution"],"_cs_type":"threat","_cs_vendors":["Google","Microsoft"],"content_html":"\u003cp\u003eCVE-2026-7333 is a critical use-after-free vulnerability residing in the GPU component of the Chromium browser engine. This flaw allows an attacker to potentially corrupt memory and execute arbitrary code in the context of the browser process. As Microsoft Edge is built upon the Chromium engine, it is also susceptible to this vulnerability. Public details are limited, but exploitation likely involves crafting malicious web content that triggers the use-after-free condition within the GPU processing routines. This vulnerability poses a significant threat as it could allow attackers to compromise user systems simply by visiting a malicious website.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious HTML page containing JavaScript that interacts with the GPU functionality of the browser.\u003c/li\u003e\n\u003cli\u003eThe user visits the malicious page via a phishing email or drive-by download.\u003c/li\u003e\n\u003cli\u003eThe JavaScript code triggers the use-after-free vulnerability in the Chromium GPU component.\u003c/li\u003e\n\u003cli\u003eThe vulnerability allows the attacker to corrupt memory allocated for GPU processing.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates memory to gain control of program execution.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious code into the browser process.\u003c/li\u003e\n\u003cli\u003eThe injected code executes with the privileges of the browser process, allowing the attacker to perform actions such as stealing cookies, credentials, or installing malware.\u003c/li\u003e\n\u003cli\u003eThe attacker gains persistent access to the compromised system and exfiltrates sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful exploitation of CVE-2026-7333 could allow an attacker to execute arbitrary code on a user\u0026rsquo;s system. This could lead to the theft of sensitive information, installation of malware, or complete system compromise. Given the widespread use of Chromium-based browsers such as Chrome and Edge, this vulnerability has the potential to affect millions of users. The impact is considered critical due to the ease of exploitation and the potential for widespread damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the latest security updates for Google Chrome and Microsoft Edge to patch CVE-2026-7333.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious GPU Process Creation\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEnable process creation logging with command-line arguments to detect suspicious processes spawned by the browser (logsource: process_creation).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-01T02:21:27Z","date_published":"2026-05-01T02:21:27Z","id":"/briefs/2024-01-03-chromium-use-after-free/","summary":"CVE-2026-7333 is a use-after-free vulnerability in the GPU component of Chromium, affecting Google Chrome and Microsoft Edge, potentially leading to arbitrary code execution.","title":"Chromium Use-After-Free Vulnerability in GPU Component (CVE-2026-7333)","url":"https://feed.craftedsignal.io/briefs/2024-01-03-chromium-use-after-free/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.3,"id":"CVE-2026-6314"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["chrome","gpu","oob-write","sandbox-escape"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-6314 is a security vulnerability affecting Google Chrome versions prior to 147.0.7727.101. The vulnerability resides within the GPU process and is classified as an out-of-bounds write. Successful exploitation could allow a remote attacker who has already compromised the GPU process to perform a sandbox escape, potentially gaining broader system access. The vulnerability can be triggered by a crafted HTML page. The Chromium security team has rated this vulnerability as High severity. This vulnerability was patched in the 147.0.7727.101 release.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious HTML page designed to trigger the out-of-bounds write in the GPU process.\u003c/li\u003e\n\u003cli\u003eThe victim visits the malicious HTML page using a vulnerable version of Google Chrome.\u003c/li\u003e\n\u003cli\u003eThe HTML page leverages JavaScript to initiate a GPU-related operation that triggers the vulnerable code path.\u003c/li\u003e\n\u003cli\u003eThe GPU process attempts to write data outside of the intended memory buffer due to a flaw in the code.\u003c/li\u003e\n\u003cli\u003eThis out-of-bounds write corrupts memory within the GPU process.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the memory corruption to overwrite critical data structures or code within the GPU process.\u003c/li\u003e\n\u003cli\u003eBy manipulating the GPU process\u0026rsquo;s memory, the attacker attempts to escape the Chrome sandbox.\u003c/li\u003e\n\u003cli\u003eIf successful, the attacker gains the ability to execute arbitrary code outside the sandbox, potentially compromising the user\u0026rsquo;s system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-6314 allows an attacker to escape the Chrome sandbox. This allows the attacker to potentially execute arbitrary code on the victim\u0026rsquo;s machine. While the exact number of victims is unknown, all users of Google Chrome versions prior to 147.0.7727.101 are potentially vulnerable. A successful sandbox escape could lead to data theft, malware installation, or other malicious activities, depending on the privileges of the compromised user.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Google Chrome to version 147.0.7727.101 or later to patch CVE-2026-6314.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Chrome GPU Process Crash\u003c/code\u003e to identify potential exploitation attempts based on abnormal process termination.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests to suspicious HTML pages (cs-uri-query, cs-uri-stem) that could be used to deliver the exploit.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-16T12:00:00Z","date_published":"2026-04-16T12:00:00Z","id":"/briefs/2026-04-chrome-gpu-oob-write/","summary":"Google Chrome versions prior to 147.0.7727.101 are vulnerable to an out-of-bounds write in the GPU process (CVE-2026-6314), allowing a remote attacker with GPU process compromise to potentially perform a sandbox escape via a crafted HTML page.","title":"Google Chrome GPU Out-of-Bounds Write Vulnerability (CVE-2026-6314)","url":"https://feed.craftedsignal.io/briefs/2026-04-chrome-gpu-oob-write/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["rowhammer","privilege-escalation","gpu","cloud"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA team of researchers from the University of Toronto has discovered a new Rowhammer attack named GPUBreach, which exploits GDDR6 memory in Nvidia GPUs. This attack induces bit flips that corrupt GPU page tables. In combination with existing memory-safety bugs in Nvidia drivers, GPUBreach enables arbitrary read-write access to memory. This ultimately leads to CPU-side privilege escalation, resulting in a root shell and full system compromise. This poses a significant threat to cloud environments, where multiple users share the same physical GPU. The researchers reported their findings to Nvidia in November 2025. Google awarded a $600 bounty for the vulnerability discovery.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains code execution privileges on a GPU within a shared environment (e.g., cloud).\u003c/li\u003e\n\u003cli\u003eAttacker utilizes the GPUBreach technique to repeatedly access (\u0026ldquo;hammer\u0026rdquo;) a specific row of GDDR6 memory cells on the GPU.\u003c/li\u003e\n\u003cli\u003eThis \u0026ldquo;hammering\u0026rdquo; generates electrical interference, causing bit flips in neighboring memory regions.\u003c/li\u003e\n\u003cli\u003eThe induced bit flips corrupt GPU page tables, granting arbitrary read-write access to memory.\u003c/li\u003e\n\u003cli\u003eAttacker exploits memory-safety bugs in Nvidia drivers.\u003c/li\u003e\n\u003cli\u003eThis leads to CPU-side privilege escalation by exploiting the corrupted memory access.\u003c/li\u003e\n\u003cli\u003eAttacker gains root shell privileges on the compromised system.\u003c/li\u003e\n\u003cli\u003eAttacker achieves full system compromise, potentially leading to unauthorized data access, data corruption, or breaches of memory isolation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe GPUBreach attack allows for privilege escalation from a user with GPU access to root on a shared system. This compromises the confidentiality, integrity, and availability of the entire system, especially in cloud environments where multiple users share physical GPUs. Successful exploitation can lead to unauthorized data access, data corruption, breaches of memory isolation, and potentially complete control over the compromised system. Google awarded a $600 bounty highlighting the significance of this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnable ECC on server and workstation GPUs (e.g., RTX A6000) as per the Nvidia security notice to mitigate single-bit flips, although this is not a foolproof mitigation as the attack can induce more than two bit flips.\u003c/li\u003e\n\u003cli\u003eMonitor GPU resource usage for unusual memory access patterns indicative of Rowhammer attacks using the detection rule for \u003ccode\u003eGPU Memory Hammering Detection\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor for suspicious processes utilizing the GPU in conjunction with privilege escalation attempts as detected by the \u003ccode\u003eSuspicious GPU Privilege Escalation\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T11:31:38Z","date_published":"2026-04-07T11:31:38Z","id":"/briefs/2026-04-gpubreach-rowhammer/","summary":"GPUBreach is a novel Rowhammer attack targeting GPUs, allowing privilege escalation to root shell by inducing bit flips in GDDR6 memory and exploiting memory-safety bugs in Nvidia drivers, posing a significant risk to shared cloud environments.","title":"GPUBreach: GPU Rowhammer Attack for Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-04-gpubreach-rowhammer/"}],"language":"en","title":"CraftedSignal Threat Feed — Gpu","version":"https://jsonfeed.org/version/1.1"}