There's a certain romance to the idea of a random video that looks like colorful noise actually crashing or exploiting your device. It's basically the closest thing to "snowcrash" that we have.
It was really bad when the best way to play a video on a website was through the god damn Adobe Flash plugin - isn't it crazy thinking back on how that was just normal for so long? [1] [2]
People lament the loss of all those Flash games and stuff but some of those sites were SKETCHY, not to mention ad networks with unchecked .swf "creatives"...
Oh yeah, I remember the "Flash super cookie" being a well-known marketing technique.
You know what's really crazy? Before the Snowden revelations in 2013, something like 70% of the web was using http:// (including sites like Amazon and Facebook, IIRC - although checkout pages may have been secured). Let's Encrypt really did a great job of getting the Web past the starting line of basic security.
Oh yeah, ARP spoofing or just session hijacking your way into people's accounts was way too facile back then. I seem to recall a browser plugin that did it [1].
Firesheep proliferated quite rapidly at my uni, even to extremely non-technical people, due to its sheer ease of use and the potential for comedy.
The worst people would usually do is leave a vaguely embarrassing status on your FB page, which was the usual prank if you left your computer unlocked anyway.
I'd hope for someone reverse engineering the brain (or a specific individual's brain), then figuring out exactly what incomprehensible colourful noise of a video to show you, and at the end you mysteriously know how to speak Cantonese.
Could a hack be possible by exploiting the GPU? Like making a 3D game scene that's actually encoding malware so when the GPU tries to render it you now have access to the system resources?
Don't know about a scene, but EC2-like access to virtual GPUs was rumored to be pretty dangerous, potentially even to the hardware itself (think something like changing the voltages via undocumented registers). The attack surface there is enormous. It was rumors, maybe someone here knows better.
You can target co-processors in general, e.g., here [1], thus I assume people do hack GPUs.
Generally, the better we become at introducing mitigations, the more expensive attacks become, and attackers have bosses, budgets and deadlines. They will try to find other avenues to land on a target :-)
We do read about occasional vulnerabilities on phone GPUs, but I do have to wonder. Wouldn't the compartmentalization and difference in compute abilities between CPU and GPU inherently limit the scope to which a vulnerability on the GPU in a typical PC can exploit?
Compartmentalization might make chaining the exploit more difficult, but it's certainly not unheard of. There have been exploit chains in the past that manage to jump from the baseband to the main CPU, for example.
One of my favorite exploits [0] was from Project Zero where the chain began with a vulnerability in the Apple wireless stack (Broadcom? maybe, but that might be a different exploit I'm thinking of), and ended in arbitrary kernel RCE. In other words, it was "a wormable radio-proximity exploit which allows me to gain complete control over any iPhone in my vicinity."
More relevantly to your question, here's a writeup about exploiting a GPU. [1]
Generally, no. Often you’ll see GPUs have extensive access to the system’s physical memory and vice versa which makes exploiting either processor from the other fairly common due to buggy drivers.