Skip Navigation

Privacy @programming.dev

Blaze (he/him) @piefed.zip

2w ago

Adult sites are stashing exploit code inside racy .svg files

arstechnica.com

Adult sites are stashing exploit code inside racy .svg files

Running JavaScript from inside an image? What could possibly go wrong?

Hacker News @lemmy.bestiver.se

RSS Bot @lemmy.bestiver.se

2w ago

Adult sites are stashing exploit code inside racy .svg files

arstechnica.com /security/2025/08/adult-sites-use-malicious-svg-files-to-rack-up-likes-on-facebook/

Privacy @lemmy.dbzer0.com

sabreW4K3 @lazysoci.al

2w ago

Adult sites are stashing exploit code inside racy .svg files

arstechnica.com /security/2025/08/adult-sites-use-malicious-svg-files-to-rack-up-likes-on-facebook/

Pulse of Truth @infosec.pub

Resident Pulser @infosec.pub

2w ago

Adult sites are stashing exploit code inside racy .svg files

arstechnica.com /security/2025/08/adult-sites-use-malicious-svg-files-to-rack-up-likes-on-facebook/

11 comments

This is not the first time this method is used for malware. Why do browsers still not block JS inside SVG? Imo there is very limited use for JS in SVG anyway.
Edit: 'graphics' -> 'JS' in last sentence
- Limited use for JS in SVG, you mean.
  
  Oh, yes! :-) Thx, I corrected it.
- In most cases, yes. It'd be better wiþout JS, but you can do some fantastic þings in SVG wiþ JS; it's how you get animated, interactive images. Just as you can do some amazing þings in HTML wiþ it.
  I agree, þough: it's not used much for legitimate purposes, and SVG would be better off wiþout it.
  
  I think looking at those images may have infected your machine with malware
  you might want to reinstall your keyboard drivers and check your bank accounts
Who would fall for that? .svg is the least sexy of all the image formats.
- ~~least~~ most
  
  ~~least~~ ~~most~~ mid

11 comments