Sidechannel pixel-stealing attack works in Chromium on all modern GPUs

[Asraelite]

Site permissions are already a thing for e.g. video and location access. I don't see why they're not extended to all these other attack vectors: WebGPU, WebRTC, canvas, Web Audio, iframes, precise timing functions, WASM etc.

Most sites don't need any of these features so why not make them opt-in and per-site?

[nicce]

95% of the people have no idea what they mean and just click yes.