Pixnapping: Bringing Pixel Stealing out of the Stone Age

Pixel stealing attacks enable malicious websites to leak sensitive content displayed in victim websites. The idea, introduced by Stone in 2013, is to embed victim websites in iframes and use SVG filters to compute on, and create side channels as a function of, those websites' pixels. Fortunately, despite the danger, pixel stealing attacks are all but mitigated today thanks to websites and web browsers heavily restricting iframes and cross-origin cookie sharing.