"Pixel perfect timing attacks"... using draw APIs to break security boundaries in an application and extract sensitive information https://www.contextis.com/resources/white-papers/pixel-perfect-timing-attacks-with-html5
See also https://www.pcworld.com/article/2082200/listen-up-rsa-keys-snatched-by-recording-cpu-sounds-with-a-phone.html https://arstechnica.com/information-technology/2013/12/new-attack-steals-e-mail-decryption-keys-by-capturing-computer-sounds/