New SVG Clickjacking Attack Let Attackers Create Interactive Clickjacking Attacks

Clickjacking has long been considered a “dumb” attack in the cybersecurity world. Traditionally, it involves placing an invisible frame over a legitimate website to trick a user into clicking a button they didn’t intend to, like masking a “Delete Account” button with a fake “Play Video” overlay.

However, a security researcher known as Lyra (or rebane2001) has unveiled a sophisticated new technique, dubbed “SVG clickjacking”, that fundamentally changes the threat landscape: it turns clickjacking from a simple “hidden button” trick into a complex, interactive exploit capable of reading screen content and executing logic.

The technique leverages Scalable Vector Graphics (SVG) filters to create “smart” overlays that can detect and respond to the state of a target website.

[Figure: SVG Clickjacking Overlay (Source: Lyra)]

Unlike traditional clickjacking, where attackers simply overlay an invisible iframe to trick users into clicking a button, this new method allows the attack page to “read” pixels from the victim site and change its own interface based on what the user sees.

[Figure: SVG Clickjacking Illustration (Source: Cybersecuritynews)]

SVG Clickjacking Attack

The core of the vulnerability lies in the way modern browsers process SVG filters such as feDisplacementMap, feColorMatrix, and feComposite. While these tools are designed for graphical effects like refractions or color shifts, Lyra demonstrated that they can be repurposed to perform logical operations.

By chaining these filters together, an attacker can build functioning logic gates (AND, OR, XOR) directly within the browser’s rendering engine. This effectively turns the SVG filter into a primitive computer that can monitor a cross-origin iframe.

For example, an attack could detect if a specific dialog box has appeared, if a checkbox is checked, or if red error text is visible, and then dynamically update the fake overlay to guide the user through a multi-step process.

Lyra demonstrated the technique’s severity with a proof-of-concept attack against Google Docs, which earned a $3,133.70 bounty from Google’s Vulnerability Reward Program.

In the demo, the attacker tricked a user into generating a document, typing a fake “captcha” into a text box (which was actually a Google Docs input field), and clicking through a sequence of buttons.

The attack was notable because it required the overlay to react to the document’s state, hiding the fake input box once the user had successfully “typed” the captcha, and showing a new button only when the document was ready.

“In the past, individual parts of such an attack could’ve been pulled off through traditional clickjacking… but the entire attack would’ve been way too long and complex to be realistic,” Lyra wrote.

Perhaps the most striking application of SVG clickjacking is its ability to exfiltrate data. The researcher showed how the technique could read sensitive pixels from a target site and encode that data into a URL, which is then rendered as a scannable QR code using the feDisplacementMap filter.

This creates a scenario where an attacker could prompt a user to “scan this code to verify you are human,” while the code actually contains a URL with their stolen session data or private information embedded in the parameters.

This research marks a significant escalation in “UI redress” attacks. By proving that SVG filters can act as a side-channel to read cross-origin pixels and execute logic, the research suggests that simply relying on visual obscurity is no longer a sufficient defense against clickjacking.

As Lyra noted, the technique allows for attacks that are “interactive” and “responsive,” bypassing the blind guesswork that previously limited the impact of such exploits.
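The practical takeaway from the article is that every variant of clickjacking, smart overlay or not, still depends on the target page being embeddable in a cross-origin iframe, so the robust defense is to forbid that framing with a CSP `frame-ancestors` directive (or, for older clients, `X-Frame-Options`). As an added example that is not part of the article or of Lyra's research, this Node.js check reads a response's headers and reports whether an arbitrary page could frame it; the header values are constructed samples.

```javascript
// Added example, not code from the article or from Lyra's research.
// Given a response's headers, report whether an arbitrary cross-origin page
// may embed it in an iframe, which is the precondition for clickjacking.
// When both headers are present, the CSP frame-ancestors directive takes
// precedence over X-Frame-Options, and this check mirrors that.

function parseFrameAncestors(csp) {
  // Return the lower-cased frame-ancestors source list, or null if absent.
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Verdicts: 'open' (any origin can frame it), 'restricted' (only listed or
// same-origin pages), 'blocked' (no framing at all).
function assessFramingProtection(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const csp = h['content-security-policy'];
  const sources = csp ? parseFrameAncestors(csp) : null;
  if (sources !== null) {
    // '*' or a bare scheme such as https: admits every origin on that scheme.
    if (sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'open';
    // An empty list or 'none' matches no ancestor at all.
    if (sources.length === 0 || sources.every((s) => s === "'none'")) return 'blocked';
    return 'restricted';
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'restricted';
  // Missing, malformed or obsolete ALLOW-FROM (ignored by current browsers): framable anywhere.
  return 'open';
}

// Constructed sample headers exercising each branch.
const samples = {
  hardened: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  partner: { 'Content-Security-Policy': 'frame-ancestors https://partner.example' },
  legacy: { 'X-Frame-Options': 'SAMEORIGIN' },
  wildcard: { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' },
  unprotected: {},
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, '->', assessFramingProtection(headers));
}
```

Run it against live response headers (for example from `curl -I`) to confirm that sensitive pages return 'blocked' or 'restricted'; note that the `wildcard` sample is 'open' despite its `DENY`, because the CSP directive wins.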
