7 comments

[ 2.2 ms ] story [ 35.0 ms ] thread
Fascinating.

Is it correct to say that extracting information about the text in a target iframe using this attack depends on knowing the pixel widths of all the characters in the font used in an arbitrary line of text in the target iframe?

It is even more complex as the width of a text in most fonts also varies with the specific order of the characters because of kerning (VAI takes less space than VIA, because the A is placed closer to the V in former) and ligatures (for example the dot of the i in "fi" is often swallowed by the f).
Could the browser make small fractional random changes (+/-1 px) to the requested iframe size to avoid this attack?
From the headline, i first thought about the MKV video container and video frames. :)