Researchers have discovered a new cross-origin #attack which allows #malicious websites to read sensitive visual data displayed by other websites using GPUs from all major suppliers. The attack, named GPU.zip, bypasses the same origin policy and steals pixels one by one by exploiting data compression used by both internal and discrete GPUs. The attack works on GPUs provided by #Apple, #Intel, #AMD, #Qualcomm, #Arm, and #Nvidia, and affects both iGPUs and discrete GPUs.
https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack/
