Jump to content
Sign in to follow this  

WebGL found to be too dangerous

Recommended Posts

The royalty free cross platform API for browser based 3D graphics known as WebGL has been found to be insecure and potentially harmful to machines. Apparently WebGL allows other web pages to exploit the browser. WebGL utilizes hardware acceleration and because of more of the user system can be exposed. The reason for that is that WebGL access is the graphics card drivers. So, if there are vulnerabilities that are discovered in graphics cards there isn’t a simple security update the can be run. The driver rules differ from one piece of hardware to the next.

Microsoft Security Response Center Engineering has issued an announcement and support of evidence stating that they cannot endorse the use of WebGL in its current form. They believe that WebGL exposes much more of a user's system than previously and could result in remote compromise.

Hopefully in the near future WebGL we'll be able to get these issues sorted out. It would be nice to see something of this nature implemented into browsers. In fact, the stable release is just over three months old. WebGL made its debut March 3, 2011 so it is still very young.

View the full article

Share this post

Link to post
Share on other sites

True. That's part of the problem, because it's privileged code.

What Microsoft isn't saying is that Silverlight 5 suffers from exactly the same insecurity.


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this