Print
Today's browsers are all moving towards hardware accelerated graphics, bringing with them rich online content and a new era of web surfing. That's the upshot, anyway, The tradeoff, according to a British security consultancy, is that your graphics card driver could make you susceptible to denial of service (DoS) attacks and cross-domain image theft. At the heart of the perceived problem is WebGL, which allows browsers to use the OpenGL graphics API.
Context, the security consultancy mentioned above, claims to have identified a number of "serious security issues" with the specification and implementations of WebGL, which is turned on by default in Firefox 4 and Chrome.
"These issues can allow an attacker to provide malicious code via a web browser which allows attacks on the GPU and graphics drivers," Context says. "These attacks on the GPU via WebGL can render the entire machine unusable. Additionally, there are other dangers with WebGL that put users' data, privacy, and security at risk."
Painting a bleak picture, Context claims the issues are inherent to WebGL and would require nothing less than an architectural overhaul to fix what's wrong.
In response to Context's concerns and of others who point to WebGL as a security threat, the opens standards consortium known as the Khronos Group said it "has already specified one extension to OpenGL, GL_ARB_robustness, specifically designed to prevent denial of service and out-of-range memory access attacks from WebGL content, and is continuing to rapidly iterate on security-related functionality."
You can read more of what Context had to say (and they said a lot) here, and the Khronos Group's response here.
Comments are closed on this article
Joji
May 13, 2011 at 8:55am
That's new info for me. I never knew about that! Thanks for the article Paul! :O
