On Tue, Oct 18, 2011 at 10:11 AM, Gregg Tavares (wrk) <gman@google.com> wrote: > Don't CSS shaders end up exposing the same timing attacks for reading images > that WebGL used to before CORS support was added? > Basically, build a shader that takes more time depending on the pixels. Use > requestAnimationFrame to time how long compositing took, adjust until you > overflow a frame. You can now read pixels. Specifically, if you use a shader that runs either at 60fps or 30fps based on what it's run on, you can use rAF to extract, on average, about 45 bits/second of data from any element on the page, potentially including things like cross-origin iframes. ~TJReceived on Tuesday, 18 October 2011 23:03:49 UTC
This archive was generated by hypermail 2.4.0 : Friday, 25 March 2022 10:08:06 UTC