cispa_all_3745.pdf (387.02 kB)

Browser-based CPU Fingerprinting

Download (387.02 kB)
conference contribution
posted on 2023-11-29, 18:22 authored by Leon TrampertLeon Trampert, Christian RossowChristian Rossow, Michael SchwarzMichael Schwarz
Mounting microarchitectural attacks, such as Spectre or Rowhammer, is possible from browsers. However, to be realistically exploitable, they require precise knowledge about microarchitectural properties. While a native attacker can easily query many of these properties, the sandboxed environment in browsers prevents this. In this paper, we present eight side-channel-related benchmarks that reveal CPU properties, such as cache sizes or cache associativities. Our benchmarks are implemented in JavaScript and run in unmodified browsers on multiple platforms. Based on a study with 834 participants using 297 different CPU models, we show that we can infer microarchitectural properties with an accuracy of up to 100%. Combining multiple properties also allows identifying the CPU vendor with an accuracy of 97.5%, and the microarchitecture and CPU model each with an accuracy of above 60%. The benchmarks are unaffected by current side-channel and browser fingerprinting mitigations, and can thus be used for more targeted attacks and to increase the entropy in browser fingerprinting.


Preferred Citation

Leon Trampert, Christian Rossow and Michael Schwarz. Browser-based CPU Fingerprinting. In: European Symposium on Research in Computer Security (ESORICS). 2022.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

European Symposium on Research in Computer Security (ESORICS)

Legacy Posted Date


Open Access Type

  • Unknown


@inproceedings{cispa_all_3745, title = "Browser-based CPU Fingerprinting", author = "Trampert, Leon and Rossow, Christian and Schwarz, Michael", booktitle="{European Symposium on Research in Computer Security (ESORICS)}", year="2022", }

Usage metrics


    No categories selected


    Ref. manager