Cross-Origin Pixel-Stealing Vulnerability in Imagination GPUs
CVE-2023-44216
5.3MEDIUM
What is CVE-2023-44216?
Imagination's PowerVR Image Compression technology on its GPUs, developed in 2018 and later, is susceptible to a cross-origin pixel-stealing vulnerability. This flaw allows attackers to exploit the feTurbulence and feBlend features specified in SVG filters, resulting in the unauthorized extraction of sensitive information from web pages. By controlling a resource from a different origin, attackers can infer text and other data from the targeted web page, raising significant privacy and security concerns for users relying on affected GPU hardware.