Four Columbia University boffins reckon they can spy on keystrokes and mouse clicks in a web browser tab by snooping on the PC's processor caches. The exploit is apparently effective against machines running a late-model Intel CPU.

The side-channel attack can be performed by JavaScript served from a malicious web and network. It works by studying the time it takes to access data stored in the last-level cache and matches it to user activity. The attack allows a remote adversary recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser.