Rowhammer.js: The first remote software-induced hardware-fault attack
The existence of the Rowhammer (or Row Hammer) bug is not news: since 2012, chip makers have been aware of the fact that, due to an increasing density of DRAM devices, often repeated signals sent to one row can affect cells in adjacent rows.
In March 2015, researchers from Google Project Zero demonstrated how this type of attack can be performed from a local machine to gain root privileges and to evade a sandbox, but Daniel Gruss, Clementine Maurice, and Stefan Mangard have discovered that you don’t have to have access to the machine.
Chip makers and web browser developers can help by distributing BIOS updates that considerably increase the refresh rate on DRAM modules or by adding Rowhammer tests to browsers.
The good news is that it’s difficult to achieve the wanted result with the attack, as it’s, for example, difficult to flip the right bits needed to gain access to the physical memory of a system and/or gain root access to the machine.