Page 1 of 1

New side channel attack via CSS3 feature "mix-blend-mode"

Posted: 2018-05-31, 19:56
by LigH1L
I only heard about a newly found security risk to spy on IFRAME content; Firefox and Chrome are known to be vulnerable.

Evonide Security Research: Side-channel attacking browsers through CSS3 features

Not to cause panic, just to have it mentioned. Maybe you can imagine a strategy in case your render engine is affected too.

The description sounds like it depends delicately on timings in transparency calculations.

Re: New side channel attack via CSS3 feature "mix-blend-mode"

Posted: 2018-06-01, 11:40
by ketmar
no SmartName? no dedicated site? meh, that's not how it is done these days!

Re: New side channel attack via CSS3 feature "mix-blend-mode"

Posted: 2018-06-01, 13:01
by Moonchild
As far as I've seen, none of these pixel stealing attacks work on Pale Moon, and "just in case" some DiD measures were put in place months ago. Combine that with a cautious approach to performance timers and it's at most impractical, but more likely just never works.

Re: New side channel attack via CSS3 feature "mix-blend-mode"

Posted: 2018-06-01, 13:22
by LigH1L
I hoped to hear that. Thank you. :thumbup: