Novel Clickjacking Attack Relies on CSS and SVG

Security researcher Lyra Rebane has developed a novel clickjacking attack utilizing CSS and SVG, which poses risks by bypassing the web's same-origin policy. This attack enables manipulation of user interface elements without JavaScript. Rebane's technique was explored in her BSides presentation and is based on SVG filters, allowing for complex attack chains. While it hasn't been fixed, defenders may use the Intersection Observer API to detect such vulnerabilities. The attack exemplifies the evolving nature of web security threats.

https://www.theregister.com/2025/12/05/css_svg_clickjacking/

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top