What Browsers Do in the Shaders: A Measurement Study of WebGPU Privacy

📅 2026-06-24
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
WebGPU introduces novel privacy risks due to shared state across browsers, drivers, operating systems, and GPUs. This work proposes WGPULens, a framework that systematically identifies persistent pipeline compilation state as a critical privacy leakage surface. Through controlled experiments, in-the-wild user studies, Tranco-based web crawling, and co-residency probing between browser and native contexts, we comprehensively evaluate its fingerprinting capabilities. Our findings reveal that cold and hot pipeline probes can infer compilation states across origins; while user behavior exhibits high discriminability, its stability upon repeated visits is limited. Moreover, current websites predominantly perform adapter detection, with few actively deploying shaders. Building on these insights, we introduce a surface-specific privacy assessment methodology and a source-level key separation mitigation strategy.
📝 Abstract
WebGPU lets ordinary web pages run GPU workloads through a validated programming model. Validation protects memory safety, but shared browser, driver, OS, and GPU state can still expose privacy-relevant signals. We present WGPULens, a framework for measuring those signals across controlled scenarios, browser-native co-residency, a participant field study, public page loads, and mitigation policies. Our framework separates measurements: controlled scenarios support leakage, boundary, and mitigation claims; participant runs support deployment, compatibility, and fingerprintability; and a Tranco crawl measures WebGPU exposure in real-world pages. Our controlled results identify persistent pipeline compilation state as the clearest surface. Cold/warm pipeline probes reveal prior compilation state across selected origin, profile, and browser placements. Controlled browser/native experiments also show native GPU activity can be inferred from browser-visible observables under labeled workloads. Other resource probes provide weaker positive results and negative controls. The participant field study shows active WebGPU behavior is highly distinctive within the sample, with deterministic components stable within runs and lower exact stability across repeated visits. A page-load crawl finds WebGPU use mainly as adapter probing and static support code, with no observed page-load shader, pipeline, queue, query, or map activity. Mitigation pilots identify source-level key separation as a proxy for evaluating pipeline-cache partitioning. Overall, WGPULens shows that WebGPU privacy analysis must be surface-specific: browsers need to measure which GPU state crosses which boundary, which browser-visible signals reveal it, and what the corresponding mitigations cost.
Problem

Research questions and friction points this paper is trying to address.

WebGPU
privacy
GPU state
browser
fingerprinting
Innovation

Methods, ideas, or system contributions that make the work stand out.

WebGPU
privacy measurement
GPU side channels
pipeline compilation state
browser fingerprinting
🔎 Similar Papers
No similar papers found.