惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

罗磊的独立博客
Forbes - Security
Forbes - Security
Blog — PlanetScale
Blog — PlanetScale
P
Proofpoint News Feed
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
MyScale Blog
MyScale Blog
GbyAI
GbyAI
B
Blog RSS Feed
S
SegmentFault 最新的问题
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
小众软件
小众软件
The Last Watchdog
The Last Watchdog
W
WeLiveSecurity
Webroot Blog
Webroot Blog
S
Security @ Cisco Blogs
Hugging Face - Blog
Hugging Face - Blog
Microsoft Security Blog
Microsoft Security Blog
月光博客
月光博客
博客园 - 聂微东
F
Fortinet All Blogs
H
Hacker News: Front Page
A
About on SuperTechFans
Application and Cybersecurity Blog
Application and Cybersecurity Blog
C
Check Point Blog
V
V2EX
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
N
News | PayPal Newsroom
Cisco Talos Blog
Cisco Talos Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Cloudflare Blog
P
Privacy & Cybersecurity Law Blog
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
Recorded Future
Recorded Future
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Google DeepMind News
Google DeepMind News
大猫的无限游戏
大猫的无限游戏
美团技术团队
Security Latest
Security Latest
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
I
InfoQ
Recent Announcements
Recent Announcements
The GitHub Blog
The GitHub Blog
Google Online Security Blog
Google Online Security Blog
T
The Exploit Database - CXSecurity.com

The Register - Security: Research

www.theregister.com Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine ChatGPT blindly trusts browser content, turning the page into a payload Russia-linked threat group put ChatGPT to work from lure to payload Kids can bypass some age checks with a drawn-on mustache What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia ORNL builds more sensitive GPS interference detector Researchers find sabotage malware that may predate Stuxnet Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Anthropic, Google, Microsoft paid AI bug bounties – quietly Security reserchers tricked Apple Intelligence into cursing Don't open that WhatsApp message, Microsoft warns Security boffins harvest bumper crop of API keys from web Lightning-fast exploits mean patch fast, says Cisco Talos AI agents are 'gullible' and easy to turn into your minions Smooth criminals talking their way into cloud environments, Google says Snoops plant info-stealing malware on iPhones, Google warns Cybercrime up 245% since the start of the Iran war Rogue AI agents can work together to hack systems Fake applicants are sending security-killing malware AI agent hacked McKinsey chatbot for read-write access Kaspersky: No signs Coruna iPhone exploit kit made by US Perplexity Comet browser hole was exploitable via cal invite DEF CON hackers 'fed up with government,' Jake Braun says DEF CON hackers 'fed up with government,' Jake Braun says Ransomware payments cratered in 2025 – attacks did not Ransomware payments cratered in 2025 – attacks did not Claude's collaboration tools allowed remote code execution AI takes a swing at online anonymity Fake 'interview' repos lure Next.js devs into running secret-stealing malware Threat intelligence supply chain is full of weak links AI agents abound, unbound by rules or safety disclosures RAT disguised as an RMM costs crims $300 a month Android malware taps Gemini to navigate infected devices Posting AI caricatures on social media is bad for security Payroll pirates conned the help desk, stole employee’s pay Microsoft boffins show LLM safety can be trained away For the price of Netflix, crooks can rent AI crime ops For the price of Netflix, crooks can rent AI crime ops Fast Pair, loose security: Bluetooth accessories open to silent hijack Fast Pair flaw exposes Bluetooth devices to hijacking A simple CodeBuild flaw put every AWS environment at risk A simple CodeBuild flaw put every AWS environment at risk DeadLock ransomware uses smart contracts to evade defenders Python libraries in AI/ML models can be poisoned w metadata OpenAI patches déjà vu prompt injection vuln in ChatGPT Fake Windows BSODs check in at Europe's hotels to con staff into running malware Hotel staff tricked into installing malware by bogus BSODs Your car’s web browser may be on the road to cyber ruin China's Ink Dragon hides out in European government networks Browser 'privacy' extensions have eye on your AI, log all your chats NCSC finds cyber deception tools work, if deployed right 10K Docker images spray live cloud creds across the internet 'Botnets in physical form' are top humanoid robot risk 'Botnets in physical form' are top humanoid robot risk Apache warns of 10.0-rated flaw in Tika metadata toolkit 'Exploitation is imminent' of max-severity React bug Swiss government bans SaaS and cloud for sensitive info Scattered Lapsus$ Hunters stress testing Zendesk weak spots HashJack attack shows AI browsers can be fooled with '#' New ClickFix attacks use fake Windows Updates to swipe creds Years-old bugs in open source took out major clouds at risk LLM-generated malware improving, but not operational (yet) 3.5B WhatsApp users' info scooped through enumeration flaw 3.5B WhatsApp users' info scooped through enumeration flaw 50k more ASUS routers pwned by evolving Beijing-linked op Overconfidence is the new zero-day as teams stumble through cyber simulations LLM side-channel attack could allow snoops to guess topic Landfall spyware used in 0-day attacks on Samsung phones MIT Sloan shelves paper about AI-driven ransomware Security hole slams Chromium browsers - no fix yet OpenAI Atlas Browser tripped up by malformed URLs Devs of VS Code extensions are leaking secrets en masse Chatbots that butter you up make you worse at conflict Tile trackers leak unencrypted Bluetooth data, say boffins Beijing's RedNovember hacked critical US, global orgs Lazarus RAT code resurfaces in North Korean IT-worker scams Suspected Chinese spies broke into 'numerous' enterprises Deepfaked calls hit 44% of businesses in last year: Gartner Kaspersky: RevengeHotels returns with AI-coded malware Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack HybridPetya ransomware dodges UEFI Secure Boot
Novel clickjacking attack relies on CSS and SVG
Thomas Claburn Thomas Claburn · 2025-12-06 · via The Register - Security: Research

Research

Who needs JavaScript?

Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS).

Rebane demonstrated the technique at BSides Tallinn in October and has now published a summary of her approach. The attack, which has yet to be fully mitigated, relies on the fact that SVG filters can leak information across origins, in violation of the web's same-origin policy.

Clickjacking refers to various ways of tricking the user of an application or website into taking unintended action. Also known as a user-interface redress attack, it commonly involves manipulating interface elements so that user input can be redirected for nefarious purposes.

The term was coined in 2008 by security researchers Jeremiah Grossman and Robert Hansen to describe a way to hijack mouse click events so they can be applied as desired by the attacker (e.g. to make the victim click a web page submit button).

Since then, various mitigations have been developed to reinforce the web's fundamental security model. These involve limiting how different origins (often in the form of web domains) can interact with one another. 

As detailed by OWASP, common defenses include: preventing browsers from loading pages in a frame using X-Frame-Options or Content Security Policy (frame-ancestors) HTTP headers; preventing session cookies from being included when a page gets loaded in a frame; and using JavaScript to prevent pages from being loaded in a frame.

Nonetheless, new variations keep cropping up, such as last year's cross-window forgery.

Rebane discovered her attack technique after trying to replicate Apple's Liquid Glass visual distortion effect using SVG and CSS. Having succeeded in doing so, she found that her SVG/CSS recreation of the liquid glass effect, when placed in an iframe, had access to the pixels in the underlying main webpage.

Rebane told The Register that people have used SVG in the past for cross-origin attacks, citing Paul Stone's Perfect Pixel Timing Attacks With HTML [PDF] and Ron Masas's The Human Side Channel attack. 

"I don't think anyone else has run logic on cross-origin data the way I have," said Rebane.

Rebane's post goes into detail about how she used SVG filters to create logic gates to process web page pixels using arbitrary compute functions, in order to implement a clickjacking attack that would be too complicated using other means.

"By using feBlend and feComposite, we can recreate all logic gates and make SVG filters functionally complete," her post explains. "This means that we can program anything we want, as long as it is not timing-based and doesn't take up too many resources."

Rebane demonstrated the application of her technique by creating a proof-of-concept attack for exfiltrating Google Docs text. The attack involves a "Generate Document" button placed on a popup interface window. When pressed, the underlying code detects the popup and presents a CAPTCHA textbox for user input. The CAPTCHA submission button adds a suggested Docs file to a hidden textbox.

Normally, this might be blocked by setting the X-Frame-Options header. But Google Docs allows framing.

Screenshot of Lyra Rebane's BSides presentation on SVG clickjacking

Screenshot of Lyra Rebane's BSides presentation on SVG clickjacking

Rebane said that this is relatively common for applications that need to be usable on third-party websites. "Think video embeds (YouTube, Vimeo), social media embeds, map applications, payment providers, comments, ads etc," she explained. "There are also many applications that are not intended to be frameable, but are missing the required headers to prevent that – this is often the case for API endpoints, for example."

What's more, Rebane said, the attack can be run on a non-frame target using HTML injection.

"There's a vulnerability class known as XSS which involves injecting HTML on websites through various means to execute malicious JavaScript," Rebane explained. "An attacker being able to inject HTML on your site used to mean immediate game over, but these days more and more sites have started using CSPs, which allow website owners to make sure that no unsafe JavaScript runs on the page, thus preventing XSS attacks."

An attacker who finds such a site, said Rebane, has to figure out how to exploit the injection without using JavaScript.

"CSS is the next best thing to use, and it can be used for many kinds of interesting attacks," Rebane said, arguing that CSS qualifies as a programming language. "SVG clickjacking is one of the many attacks that could be used there."

SVG clickjacking doesn't dramatically change the web security landscape but it simplifies the challenge of creating complicated attack chains.

Rebane says Google awarded a bug bounty of $3133.70 for reporting the vulnerability. "This attack has not been fixed, but it is also unclear at the moment whether it is a browser bug or not, and FWIW it affects other browsers too (e.g. Firefox)," she said.

There are ways for developers to defended against SVG clickjacking. Rebane in her presentation cited the Intersection Observer v2 API as a way to detect when an SVG filter is covering an iframe.

Google did not immediately respond to a request for comment. 

A related Chromium bug posted in March that, according to Rebane, dates back to the Perfect Pixel Timing Attacks and its successors, has been marked "won't fix." ®