ArsTechnica summarized research that documents a vulnerability in both integrated and discrete GPUs which lets a website pull pixels from another site through the use of iframes and the exploitation of side channels created by the GPU when it compresses data. The vulnerability hinges on accessing that side channel to reproduce what’s on screen, pixel by pixel.
Fortunately, the researchers don’t believe this is a true threat — and neither do Nvidia, Qualcomm, or Google, per statements published at Ars. However, according to Ars, some browsers, including Chrome and Edge, are technically vulnerable. Firefox and Safari are not.