Posthammer: Pervasive Browser-based Rowhammer Attacks with Postponed Refresh Commands
Finn de Ridder
34th USENIX Security Symposium (USENIX Security '25) · Day 3 · Hardware Security 3: Side-Channel and Fault Injection Attacks
The "Posthammer" talk at USENIX Security unveiled a sophisticated and highly effective browser-based Rowhammer attack that significantly expands the attack surface for this persistent memory vulnerability. Presented by Finn de Ridder, this research demonstrates that a majority of modern DDR4 memory chips are susceptible to Rowhammer-induced bit flips initiated directly from a web browser. The talk highlights novel techniques, including the exploitation of **postponed refresh commands** and the creation of **non-uniform hammering patterns** using browser-accessible primitives, to bypass existing hardware mitigations.
AI review
Posthammer is the real deal — original hardware security research from ETH Zurich that meaningfully advances the browser-based Rowhammer attack surface by exploiting JEDEC-allowed refresh postponement and constructing non-uniform hammering patterns via a novel 'lanes' primitive. A 40% end-to-end success rate across 17/28 tested DDR4 DIMMs, culminating in a JavaScript read/write primitive, is not a lab curiosity — it's a practical, weaponizable capability delivered from a browser tab.