A successful attack allows the attacker to read portions of memory where system information and processes are stored which can then lead to other attacks or a privilege escalation – which could give a malicious program full control of a device. The researchers tested 22 different CPU architectures and found all of them to be vulnerable and alerted that others they did not test may very well be vulnerable as well.
The attack itself is relatively easy (though the algorithms are fairly complex) – they slam the memory cells with data until nearby bits flip and with proper timing can figure out a lot about what data is being stored — a Rowhammer attack. They are able to carry out these attacks because modern browsers have become fast enough with timing (performance.now()) and support lower-level data functions (like asm.js) that allow for faster just-in-time (JIT) and ahead-of-time access to bit-level memory. In short, browsers have become so fast and allow access to a low-enough level of memory they can now be used to break security features that have been built into the hardware for years.
The researchers also posted YouTube videos of the attack being carried out: