Zero-JS Clickjacking: SVG Filters Exploit iFrames to Steal Cross-Origin Data
Estonian security researcher Lira Rebane has unveiled an unconventional clickjacking technique built on a combination of SVG graphics and cascading style sheets. Her talk at BSides Tallinn in October passed largely unnoticed by the broader community, yet the detailed write-up she has since published describes something far more serious than a visual-effects experiment. Rebane found that SVG filters applied over an embedded iframe can extract data from the cross-origin page rendered inside it, violating the same-origin policy, the foundational browser-security principle that forbids a page from reading the content of embedded cross-origin documents.
Clickjacking has existed for more than a decade and covers numerous tricks designed to coax a user into performing an action they never intended. The manipulation can look innocuous: a user clicks a button unaware that an element from a third-party site sits beneath it. The term was coined in 2008 by researchers Jeremiah Grossman and Robert Hansen, who studied how clicks could be intercepted and redirected to attacker-chosen targets. Since then, robust mitigations have emerged: browsers restrict what a page can do inside an iframe, withhold cookies from cross-site framed content by default, and make cross-domain interactions more visible to the user.
Despite these protections, new variants continue to surface; last year's technique for forging cross-window interactions is a recent example. Rebane's finding occupies similar territory but relies on a completely different mechanism. She initially set out to recreate Apple's characteristic "Liquid Glass" visual effect using SVG filters and CSS. When the experiment succeeded, she noticed something unexpected: a filter layered over an embedded iframe appeared to operate on the pixels of the framed document, pixels that should, by security policy, be entirely out of reach of the embedding page.
Rebane notes that SVG has long been explored as a vector for cross-domain attacks, citing Paul Stone's research on Pixel Perfect Timing Attacks and Ron Masas's work on Human Side Channels. Nevertheless, she maintains that no one had previously leveraged data obtained from SVG filters in this way: "I don't think anyone else has run computations on cross-domain data the way I have," she told The Register.
The key insight is that SVG filter primitives can be combined to behave like logic gates. Using feBlend and feComposite, Rebane constructed chains capable of processing a page's pixels with arbitrary functions, effectively turning a collection of filters into a rudimentary computational unit that requires no JavaScript: once pixel values are reduced to 0 or 1, a blend mode such as multiply acts as AND and an arithmetic composite can act as NOT, so any boolean function can be expressed by chaining primitives. This approach enables attacks that would be prohibitively complex, or outright impossible, through other means.
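The gate construction described above, as an added example that is not Rebane's code: a JavaScript model of the per-channel arithmetic that feBlend and feComposite perform on opaque inputs, following the Filter Effects Module Level 1 formulas. It assumes pixel values have already been thresholded to exactly 0 or 1 (as a discrete feComponentTransfer would do), and the sample pixel rows and glyph names are constructed for the example.

```javascript
// Added example: emulate SVG filter primitives as boolean logic.
// Formulas (Filter Effects Module Level 1, opaque inputs so alpha terms vanish):
//   feComposite operator="arithmetic": k1*i1*i2 + k2*i1 + k3*i2 + k4, clamped to [0,1]
//   feBlend mode="multiply":   a*b
//   feBlend mode="screen":     a + b - a*b
//   feBlend mode="difference": |a - b|
// Assumption: inputs are opaque and already thresholded to exactly 0 or 1
// (e.g. by feComponentTransfer type="discrete" tableValues="0 1").

const clamp01 = (v) => Math.min(1, Math.max(0, v));

// <feComposite operator="arithmetic" k1=.. k2=.. k3=.. k4=..> on one colour channel.
function feCompositeArithmetic(i1, i2, k1, k2, k3, k4) {
  return clamp01(k1 * i1 * i2 + k2 * i1 + k3 * i2 + k4);
}

// <feBlend mode="..."> on one colour channel of two opaque inputs.
function feBlend(mode, a, b) {
  switch (mode) {
    case 'multiply':   return a * b;
    case 'screen':     return a + b - a * b;
    case 'difference': return Math.abs(a - b);
    default: throw new Error(`blend mode not modelled: ${mode}`);
  }
}

// Each gate is a single primitive; the markup it stands for is in the comment
// ("a" and "b" are result= names of earlier primitives in the same <filter>).
const AND = (a, b) => feBlend('multiply', a, b);    // <feBlend in="a" in2="b" mode="multiply"/>
const OR  = (a, b) => feBlend('screen', a, b);      // <feBlend in="a" in2="b" mode="screen"/>
const XOR = (a, b) => feBlend('difference', a, b);  // <feBlend in="a" in2="b" mode="difference"/>
// NOT: k3=-1, k4=1 yields 1 - in2; in1 is irrelevant, so the same input is fed twice.
const NOT = (a) => feCompositeArithmetic(a, a, 0, 0, -1, 1); // <feComposite in="a" in2="a" operator="arithmetic" k3="-1" k4="1"/>
const NAND = (a, b) => NOT(AND(a, b));               // two chained primitives

// Threshold an 8-bit grayscale channel to 0/1 (what a discrete transfer table does).
const threshold = (c) => (c < 128 ? 0 : 1);

// Compare a rendered pixel row against a reference glyph row using gates only:
// rows are equal when AND over all i of NOT(XOR(a_i, b_i)) is 1. A chain like
// this lets a filter "recognise" a rendered character without any script.
function rowsEqual(rowA, rowB) {
  if (rowA.length !== rowB.length) throw new Error('row length mismatch');
  let acc = 1;
  for (let i = 0; i < rowA.length; i++) {
    acc = AND(acc, NOT(XOR(threshold(rowA[i]), threshold(rowB[i]))));
  }
  return acc; // 1 if identical, else 0
}

// Constructed sample: one rendered 8-pixel row and two reference glyph rows.
const rendered = [0, 255, 255, 0, 0, 255, 0, 0];
const glyphA   = [0, 255, 255, 0, 0, 255, 0, 0];
const glyphB   = [0, 255, 0, 255, 0, 255, 0, 0];

// Which reference glyph does the rendered row match? Returns its name or null.
function recogniseRow(row, glyphs) {
  for (const [name, ref] of Object.entries(glyphs)) {
    if (rowsEqual(row, ref) === 1) return name;
  }
  return null;
}

console.log(recogniseRow(rendered, { A: glyphA, B: glyphB })); // prints "A"
```

The point of the model is that every step is a single filter primitive evaluated by the compositor, so the "program" is pure markup: the comparison result lands in a pixel value that can then drive further filters, which is the part that no script-blocking policy sees.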
To demonstrate real-world applicability, Rebane targeted Google Docs. Her proof of concept presented a pop-up window with a "Generate Document" button. After clicking it, users were shown a text area for CAPTCHA input, while the underlying code silently replaced a hidden field's contents with a predetermined snippet that the model would later insert into the document. Framing of this kind is normally blocked by the X-Frame-Options header or a Content-Security-Policy frame-ancestors directive, but Docs is designed to be embeddable on external sites, which leaves the service exposed to this technique.
Rebane points out that many other services also permit framing: video platforms, mapping tools, comment systems, ad networks and payment widgets. Moreover, many interfaces that were never intended to run in frames fail to set the restrictive headers that would prevent it, a common oversight on API endpoints.
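A check for the oversight just described, as an added example that is not code from the article or from any of the services it names: given the headers of a response, decide whether an arbitrary embedder may frame it, applying the X-Frame-Options rules from RFC 7034 and the CSP frame-ancestors rules from CSP Level 3 (frame-ancestors takes precedence when both are present). The header maps and origins are constructed for the example; ports and paths in host-sources are ignored and a scheme-less host-source accepts both http and https, both labelled simplifications.

```javascript
// Added example: audit framing protection from response headers.
// Rules: X-Frame-Options (RFC 7034) DENY / SAMEORIGIN; CSP frame-ancestors
// (CSP Level 3) overrides X-Frame-Options when present.
// Simplifications (not spec-complete): host-source ports and paths are ignored,
// and a scheme-less host-source accepts both http and https embedders.

function parseFrameAncestors(csp) {
  // Directives are ';'-separated; the first token names the directive.
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1);
    }
  }
  return null; // no frame-ancestors directive in this policy
}

// Does one frame-ancestors source expression allow the embedder origin?
function sourceMatches(source, embedderOrigin, selfOrigin) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return embedderOrigin === selfOrigin;
  if (src === '*') return true;
  if (src === 'https:' || src === 'http:') return embedderOrigin.startsWith(src + '//');
  // host-source: [scheme://][*.]host (port and path ignored in this matcher)
  const m = src.match(/^(?:(https?):\/\/)?(\*\.)?([a-z0-9.-]+)(?::\d+|:\*)?(?:\/.*)?$/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  const u = new URL(embedderOrigin);
  if (scheme && u.protocol !== scheme + ':') return false;
  return wildcard ? u.hostname.endsWith('.' + host) : u.hostname === host;
}

// Returns { framable, via } where via names the mechanism that decided it.
function framingDecision(headers, embedderOrigin, selfOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v; // header names are case-insensitive
  const ancestors = h['content-security-policy']
    ? parseFrameAncestors(h['content-security-policy'])
    : null;
  if (ancestors) {
    // Browsers ignore X-Frame-Options when frame-ancestors is present.
    const allowed = ancestors.some((s) => sourceMatches(s, embedderOrigin, selfOrigin));
    return { framable: allowed, via: 'frame-ancestors' };
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { framable: false, via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') {
    return { framable: embedderOrigin === selfOrigin, via: 'x-frame-options' };
  }
  // Missing header, or the obsolete ALLOW-FROM form that current browsers ignore:
  // any site may frame this response.
  return { framable: true, via: 'none' };
}

// Constructed sample responses (header maps as a scanner would collect them).
const SELF_ORIGIN = 'https://docs.example';
const SAMPLE_RESPONSES = {
  unprotected: { 'Content-Type': 'text/html' },
  xfoDeny:     { 'X-Frame-Options': 'DENY' },
  sameOrigin:  { 'x-frame-options': 'sameorigin' },
  cspNone:     { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  cspPartner:  { 'Content-Security-Policy': "frame-ancestors 'self' https://*.partner.example" },
  // Conflicting headers: frame-ancestors wins, so this response IS framable.
  conflicting: { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': 'frame-ancestors *' },
};

// Audit every sample against one embedder; returns name -> framable boolean.
function auditAgainst(embedderOrigin) {
  const report = {};
  for (const [name, headers] of Object.entries(SAMPLE_RESPONSES)) {
    report[name] = framingDecision(headers, embedderOrigin, SELF_ORIGIN).framable;
  }
  return report;
}

console.log(auditAgainst('https://attacker.example'));
```

Two caveats worth keeping in mind when reading such a report: frame-ancestors is only honoured when delivered as an HTTP header (it is ignored in a `<meta>` CSP), and the `conflicting` case shows why a permissive frame-ancestors silently cancels a strict X-Frame-Options, so both headers need to be reviewed together rather than either alone.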
The technique is not limited to scenarios involving embedded frames. Where HTML injection is possible, the same filter chains can be built directly on top of the target page itself. Rebane reminds us that XSS historically let attackers execute JavaScript on compromised sites. As more site owners adopt stricter policies that forbid unsafe script execution, attackers are forced to seek alternatives, and CSS becomes a convenient tool: it can manipulate page layout and user interaction without executing scripts. SVG clickjacking is merely one of several techniques arising from this shift.
Although the new method does not overturn the fundamental principles of web security, it dramatically simplifies the assembly of complex attack chains. Google awarded Rebane a bounty of $3,133.70 for reporting the issue. No fix exists yet, and it remains unclear whether the behavior stems from a browser flaw or from quirks within the specification itself. Rebane notes that the issue is reproducible not only in Chromium-based browsers but also in Firefox.
Developers can defend against such attacks. Among Rebane's recommendations is Intersection Observer v2, which lets framed content detect when it is being covered, or when an SVG filter is being applied over it, by the embedding page. Meanwhile, a Chromium bug report filed back in March and related to pixel-processing data leaks remains open and marked "won't fix", a disquieting signal in light of the demonstrated technique and a likely seed for future research.
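One way a framed page can act on the Intersection Observer v2 recommendation, as an added example that is neither Rebane's code nor Google's: with `trackVisibility: true`, the browser reports `entry.isVisible === false` whenever the observed element is occluded or an ancestor, including the embedding document, applies opacity, a filter or a transform, so a sensitive control can be disabled until the browser affirmatively vouches for it. The button id, the constructed observer entries and the `allowWithoutV2` policy switch are assumptions for the example; the v2 fields exist only in browsers that implement `trackVisibility` (Chromium at the time of writing), and browsers without them are treated as "cannot verify".

```javascript
// Added example: fail-closed click guard for an embeddable page, built on
// Intersection Observer v2 (trackVisibility / isVisible).
// Assumptions: the control is <button id="confirm">; isVisible is only reported
// by browsers implementing v2; without it we cannot verify, so we fail closed
// unless the caller opts in with allowWithoutV2.

const VISIBILITY_DELAY_MS = 100; // smallest delay trackVisibility accepts

// Pure decision: may a click on the control be honoured given the last entry?
function clickAllowed(lastEntry, { allowWithoutV2 = false } = {}) {
  if (!lastEntry) return false;                                        // nothing observed yet
  if (!lastEntry.isIntersecting) return false;                         // off-screen or clipped
  if (typeof lastEntry.isVisible !== 'boolean') return allowWithoutV2; // v1-only browser
  return lastEntry.isVisible;                                          // false => covered or filtered
}

// Wire the decision to a real button: keep it disabled while untrusted and
// swallow clicks that arrive anyway. Runs only in a browser with the API.
function installClickGuard(button, policy = {}) {
  let lastEntry = null;
  const observer = new IntersectionObserver((entries) => {
    lastEntry = entries[entries.length - 1];
    button.disabled = !clickAllowed(lastEntry, policy);
  }, { threshold: 1.0, trackVisibility: true, delay: VISIBILITY_DELAY_MS });
  observer.observe(button);
  button.addEventListener('click', (ev) => {
    if (!clickAllowed(lastEntry, policy)) {
      ev.preventDefault();
      ev.stopImmediatePropagation();
    }
  }, true); // capture phase, so this runs before the real click handler
  return observer;
}

// Constructed observer entries covering the states a guard must handle.
const OBSERVED = {
  clean:     { isIntersecting: true,  isVisible: true },
  filtered:  { isIntersecting: true,  isVisible: false }, // overlay or filter applied by embedder
  offscreen: { isIntersecting: false, isVisible: false },
  v1only:    { isIntersecting: true },                    // isVisible undefined (no v2)
};

// Evaluate the policy over all states; returns state -> allowed boolean.
function evaluatePolicy(policy = {}) {
  const out = {};
  for (const [state, entry] of Object.entries(OBSERVED)) out[state] = clickAllowed(entry, policy);
  return out;
}

if (typeof document !== 'undefined' && typeof IntersectionObserver !== 'undefined') {
  const btn = document.getElementById('confirm');
  if (btn) installClickGuard(btn);
} else {
  console.log(evaluatePolicy()); // outside a browser: show the decision table
}
```

Treat this as defence in depth rather than a fix: the signal is only available where the browser implements v2, the `delay` makes the control briefly unusable after any layout change, and a page that never needs to be framed is better served by a `frame-ancestors 'none'` header that removes the embedding altogether.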