top notch exploration, and the story was just the right amount.

lol

Is there really any other reaction?

Many sites have had to enable reveal passwords for people with complicated passwords not using password managers.

It's low risk, but their numbers are also coming from fairly dated hardware and is just proof of concept. It can almost certainly be speed up significantly.

Yeah as the other person suggested i suspect it's more like "when do these expire?" "does this have mold on it?" "what does this sign say?"

The problem is that so many browsers leverage hardware acceleration and offer access to the GPUs. So while browsers could fix the issue, the underlying cause is the way GPUs handle data that the attack is leveraging.

As these patterns are processed by the iGPU, their varying degrees of redundancy cause the lossless compression output to depend on the secret pixel. The data-dependent compression output directly translates to data-dependent DRAM traffic and data-dependent cache occupancy. Consequently, we show that, even under the most passive threat model—where an attacker can only observe coarse-grained redundancy information of a pattern using a coarse-grained timer in the browser and lacks the ability to adaptively select input—individual pixels can be leaked. Our proof-of-concept attack succeeds on a range of devices (including computers, phones) from a variety of hardware vendors with distinct GPU architectures (Intel, AMD, Apple, Nvidia). Surprisingly, our attack also succeeds on discrete GPUs, and we have preliminary results indicating the presence of software-transparent compression on those architectures as well.

It sounds distantly similar to some of the canvas issues where the acceleration creates different artifacts which makes it possible to identify GPUs and fingerprint the browsers.

I read that to mean it's a digital download only and not a physical copy in stores, but didn't put much thought into it.