NewsBot Posted June 20, 2011 Posted June 20, 2011 The royalty free cross platform API for browser based 3D graphics known as WebGL has been found to be insecure and potentially harmful to machines. Apparently WebGL allows other web pages to exploit the browser. WebGL utilizes hardware acceleration and because of more of the user system can be exposed. The reason for that is that WebGL access is the graphics card drivers. So, if there are vulnerabilities that are discovered in graphics cards there isn’t a simple security update the can be run. The driver rules differ from one piece of hardware to the next. Microsoft Security Response Center Engineering has issued an announcement and support of evidence stating that they cannot endorse the use of WebGL in its current form. They believe that WebGL exposes much more of a user's system than previously and could result in remote compromise. Hopefully in the near future WebGL we'll be able to get these issues sorted out. It would be nice to see something of this nature implemented into browsers. In fact, the stable release is just over three months old. WebGL made its debut March 3, 2011 so it is still very young. View the full article Quote
Eldmannen Posted June 27, 2011 Posted June 27, 2011 An interesting point to note is that often graphics device drivers are run in kernel-space (as opposed to user-space). Quote
James_A Posted June 28, 2011 Posted June 28, 2011 True. That's part of the problem, because it's privileged code. What Microsoft isn't saying is that Silverlight 5 suffers from exactly the same insecurity. . Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.