In this paper, the authors show that under realistic
assumptions, it is indeed possible to bypass TRR directly from
JavaScript, allowing attackers to exploit the resurfaced Rowhammer
bug inside the browser. In addition, their analysis reveals new
requirements for practical TRR evasion. For instance, they
discovered that activating many rows in rapid succession, as shown
in TRRespass, may not always be sufficient to produce bit flips. The
scheduling of DRAM accesses also plays an important role.
Read more: https://packetstormsecurity.com/files/162192/smash_sec21.pdf