
I will be joining a long line of people with "I told you..." said in address of dotcom browser devs shoveling OpenGL with effectively raw GPU memory access into browsers.


That is a line that historically had no one in it. There was much wringing of hands over WebGL, but "access to raw GPU memory" never came up as a concern, and is not even the issue here!

This exploit specifically only functions on UMA devices, where GPUs use unified system memory, and thus have no more or less access to it than ArrayBuffers. It turns out CPU memory accesses are too slow (really simplifying here) to rowhammer.


It's a hardware flaw in this case though, and apps are another vector. Android even has drive-by ("instant") apps these days.

(And WebGL is far from raw GPU access)


But that’s exactly the point - the more hardware you expose to web browsers, the bigger the attack surface for web-based attacks.


Yeah, it's a valid position to want to limit the web platform's capabilities so that implementations are simpler and have fewer places where bugs can happen. The other position is that walled garden platforms (like Apple/Google app stores) could then make the web irrelevant as an app platform.

It would be nice if there were 2 "profiles" that web pages could conform to, and browsers would only enable the "simple content" profile by default...



