Jump to content

Recommended Posts

Posted

The royalty free cross platform API for browser based 3D graphics known as WebGL has been found to be insecure and potentially harmful to machines. Apparently WebGL allows other web pages to exploit the browser. WebGL utilizes hardware acceleration and because of more of the user system can be exposed. The reason for that is that WebGL access is the graphics card drivers. So, if there are vulnerabilities that are discovered in graphics cards there isn’t a simple security update the can be run. The driver rules differ from one piece of hardware to the next.

Microsoft Security Response Center Engineering has issued an announcement and support of evidence stating that they cannot endorse the use of WebGL in its current form. They believe that WebGL exposes much more of a user's system than previously and could result in remote compromise.

Hopefully in the near future WebGL we'll be able to get these issues sorted out. It would be nice to see something of this nature implemented into browsers. In fact, the stable release is just over three months old. WebGL made its debut March 3, 2011 so it is still very young.

View the full article

Posted

True. That's part of the problem, because it's privileged code.

What Microsoft isn't saying is that Silverlight 5 suffers from exactly the same insecurity.

.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...