PoC for CVE-2020-16012, a timing side channel in drawImage in Firefox & Chrome

aleksejspopovs/cve-2020-16012

This repo contains PoCs for CVE-2020-16012, a side channel vulnerability in the implementation of CanvasRenderingContext2D.drawImage() in Firefox and Chromium.

Read a writeup of this vulnerability on the Mozilla Attack & Defense blog.

The benchmark directory contains code for measuring the timing of the operations involved, along with benchmark results obtained on Firefox 76 and Chromium 83 running on Linux with CPU rendering.

The exploit directory contains an example exploit that recovers the silhouette of a cross-origin image using this vulnerability, along with a recording of the exploit in action.
