“The impact of combining both the side-channel attack and rowhammer attack has been demonstrated to bypass the Firefox sandbox on the Android platform,” the SEI CERT division noted.
“It is important to realize that the GLitch attack has only successfully been demonstrated on the Nexus 5 phone, which was released in 2013. The Nexus 5 phone received its last software security update in October, 2015, and is therefore an already unsafe device to use. Several other phones released in 2013 were tested, but were not able to successfully be attacked with the GLitch attack. Success rates on phones newer than 2013 models were not provided. Non-Android devices were not tested as well.”
The researchers have told Wired that the attack can be modified to target different phone architectures and different browsers.
To mitigate the risk of this particular attack, Google and Mozilla have already released updates for Chrome and Firefox that disable the high precision WebGL timers leveraged to leak memory addresses.
GLitch attack PDF