Printed from http://www.electronista.com

WebGL standard riddled with security vulnerabilities?

updated 03:25 pm EDT, Tue May 10, 2011

Standard blasted by security researchers

Security research firm Context has issued a report criticizing WebGL, the 3D graphics standard used in popular browsers such as Firefox, Chrome and Safari. The report points to several serious vulnerabilities that are said to leave systems open to attacks. Experimental exploits reportedly used malicious code to gain access to a computer's core operating system.

These issues are inherent to the WebGL specification and would require significant architectural changes in order to remediate in the platform design," Context's James Forshaw wrote in a blog post. "Fundamentally, WebGL now allows full (Turing Complete) programs from the internet to reach the graphics driver and graphics hardware which operate in what is supposed to be the most protected part of the computer (Kernel Mode)."

Forshaw suggests that WebGL is not "ready for mass usage," and users should consider disabling the standard in browsers. The research firm points out that Firefox 4 and Chrome enable WebGL by default, while Safari leaves it as an option that can be turned on if needed.

The Khronos Group, an industry consortium that oversees WebGL development, responded to Context's criticisms, claiming that the standard had already been improved to protect against some of the vulnerabilities. The group placed part of the blame on graphics card manufacturers for not releasing updated drivers to help protect systems.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. B9bot

    Fresh-Faced Recruit

    Joined: Dec 2008

    0

    I don't see an option in Safari to turn on WEBgl

    I've looked through all of the options in Safari preferences and there is no option for WEBgl.

  1. Integr8d

    Fresh-Faced Recruit

    Joined: Apr 2010

    -5

    No Safari WebGL...

    Because Apple hasn't figured out how to repackage it into something 'magical'.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News