This is "well known" research that resurfaces every other year. Let me tell you a story how I have heard about this in 2012 and putting it into perspective.

Research "Scriptless Attacks –
Stealing the Pie Without Touching the Sill" (2012):
 + Paper: https://www.nds.rub.de/media/emma/veroeffentlichungen/2012/08/16/scriptlessAttacks-ccs2012.pdf
 + Slides: https://www.slideshare.net/x00mario/stealing-the-pie
 + Talk recording: https://channel9.msdn.com/Events/Blue-Hat-Security-Briefings/BlueHat-Security-Briefings-Fall-2012-Sessions/BH1203

CSS Keylogger: https://github.com/maxchehab/CSS-Keylogging
Stealing Data With CSS - Attack and Defense: https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense

Twitter: 
 + https://twitter.com/0x6D6172696F
 + https://twitter.com/sirdarckcat
 + https://twitter.com/garethheyes
 + https://twitter.com/thornmaker
 + https://twitter.com/mlgualtieri

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#SecurityResearch