I haven't been able to break out of sandbox by means of inline script in SVG on chromium / webkit based browsers for a longer time now; except I saw something in safari when you'd "open image in new tab". 

But maybe I'm just doing it wrong.

optimism

news

As attackers increasingly leverage Scalable Vector Graphics (SVG) for stealthy code injection, security researchers face mounting challenges in detecting obfuscated payloads embedded within SVG assets. 

The SVG Security Analysis Toolkit by HackingLZ offers a comprehensive solution: a suite of four Python-based tools designed to reveal hidden scripts, decode obfuscated URLs, and verify protection mechanisms, all without exposing analysts to unsafe execution environments.