Cross-Origin Pixel-Stealing Vulnerability in Imagination GPUs
CVE-2023-44216
5.3 MEDIUM
Summary
Imagination's PowerVR Image Compression technology, on the company's GPUs developed in 2018 and later, is susceptible to a cross-origin pixel-stealing vulnerability. The flaw allows attackers to exploit the feTurbulence and feBlend filter primitives defined in the SVG filter specification to extract sensitive information from web pages without authorization. By controlling a resource from a different origin, an attacker can infer text and other data from the targeted web page, which exposes users of affected GPU hardware to privacy and security risk.
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved