Crafted Webpage Reboots and Crashes Almost All Browsers

Sabri Haddouche unveiled proof of concept (PoC) code for crashing Apple's Safari iOS web browser with a simple click on a link which loads a specially crafted web page containing an exploit for the Webkit rendering engine's -WebKit-backdrop-filter CSS property, provoking an immediate kernel panic and a full system reboot.

Even though at first Sabri's PoC was released as an iOS vulnerability, very quickly troves of other Twitter users came back announcing that other web browsers are also crashing after loading the PoC, most of them even taking down the entire operating system with them.

In an interview given to ZDNet, Haddouche said that "the attack uses a weakness in the -webkit-backdrop-filter CSS property, which uses 3D acceleration to process elements.

No comments:

Post a Comment