Side-channel attacking browsers through CSS3 features | Security Research - Evonide

With the staggering amount of features that were introduced through HTML5 and CSS3 the attack surface of browsers grew accordingly. Consequently, it is no surprise that interactions between such features can cause unexpected behavior impacting the security of their users. In this article, we describe such a practical attack and the research behind it. tl;dr: We (co-)discovered a side-channel vulne

[Hash]

CSS3 feature “mix-blend-mode” which allowed to leak visual content from cross-origin iframes. / e.g. Facebook ユーザ名とかプロフィール画像とかが取得できる

[braitom]

ほう。“We (co-)discovered a side-channel vulnerability in browser implementations of the CSS3 feature “mix-blend-mode” which allowed to leak visual content from cross-origin iframes.”

[mergyi]

mix-blend-modeでFacebookに登録している 情報などを盗めるらしい