is a new type of side channel that exposes visual data processed on the graphics processing unit (GPU). This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression. We present the first security-centric analysis of this optimization and demonstrate that it can be abused to leak visual data. For example, using, a malicious webpage can leak pixels from another webpage in the latest version of Google Chrome, violating the browser security model.

Research Paper

The paper will appear in the 45th IEEE Symposium on Security and Privacy (San Francisco, 20-23 May 2024) with the following title:

You can download a preprint from here and the BibTeX citation from here.

The paper is the result of a collaboration between the following researchers:

Questions and Answers

Am I affected by

Likely, yes. We tested integrated GPUs from AMD, Apple, Arm, Intel, and Qualcomm and one discrete GPU from Nvidia. We have at least preliminary results to show that all tested GPUs are affected.

I am a website developer. How do I protect my users?

If your website displays sensitive information about users, you should configure your website to deny being embedded by cross-origin websites. For more information on how to do this, we refer to this article.

I am a user. Should I be worried?

Under most circumstances, probably not. Most sensitive websites already deny being embedded by cross-origin websites. As a result, they are not vulnerable to the pixel stealing attack we mounted using However, some websites remain vulnerable. For example, if a user who is logged into Wikipedia visits a malicious webpage, that webpage can exploit to learn the user’s Wikipedia username (as we demonstrate in Section 5.4 of the paper).

What makes different from prior compression side channels? exploits software-transparent uses of compression. This is in contrast to prior compression side channels, which leak because of software-visible uses of compression and can be mitigated by disabling compression in software. For a more detailed explanation, we refer to the paper.

What exactly is GPU graphical data compression?

GPU graphical data compression is a feature of modern GPUs used to save memory bandwidth and improve performance without any software involvement. Specifically, modern GPUs compress graphical data losslessly even when software does not request any compression.

Interestingly, the algorithms used by GPUs for graphical data compression vary across vendors and microarchitectures. Check out the paper for a reverse engineering of several proprietary compression algorithms used by Intel and AMD.

When did you disclose

We disclosed our findings and proof-of-concept code to GPU vendors (AMD, Apple, Arm, Intel, Nvidia, and Qualcomm) and to Google in March 2023.

Do GPU vendors plan to patch?

As of September 2023, no GPU vendor has committed to patching.

Does Chrome plan to patch?

As of September 2023, Google is still deciding whether and how to patch.

What about other browsers?

Chrome is vulnerable to the pixel stealing attack demonstrated in the paper because it satisfies the following three criteria:

  1. It allows cross-origin iframes to be loaded with cookies.
  2. It allows rendering SVG filters on iframes.
  3. It delegates rendering tasks to the GPU.

Other browsers, like Firefox and Safari, do not meet all these criteria and are therefore not vulnerable.

Yes. The logo is free to use under a CC0 license.

Did you release the source code of

Yes, you can find the source code at the link: