WebGL Poses New Security Problems 178
Julie188 writes "Researchers are warning that the WebGL standard undermines existing operating system security protections and offers up new attack surfaces. To enable rendering of demanding 3D animations, WebGL allows web sites to execute shader code directly on a system's graphics card. This can allow an attacker to exploit security vulnerabilities in the graphics card driver and even inject malicious code onto the system."
WebGL was always a bad idea (Score:2, Insightful)
Leave my hardware alone and secure!
Re:Glad I'm not using Binary Blob drivers (Score:4, Insightful)
Do any FOSS drivers even support shaders?
Re:WebGL was always a bad idea (Score:1, Insightful)
Silverlight has direct support for XNA
[snip]
a solid IDE like Visual Studio.
[snip]
Not only that but the games also work on Xbox360 and mobile phones
[snip]
Leave my hardware alone and secure!
Translation: "WebGL is insecure! Use Microsoft products instead!"
Sorry, I need to stop laughing hysterically before I can post any more.
I don't get it (Score:2, Insightful)
I can't wait for Native Client! (Score:5, Insightful)
Can anyone remind me why we're putting EVERYTHING in a web browser anyway?
Re:I don't get it (Score:4, Insightful)
So they're saying that enabling shader code execution allows web sites to exploit hypothetical vulnerabilities in the graphics driver?
They're not particularly hypothetical. Graphics driver code is such that games programmers carefully work around bugs in order to not crash anything. Imagine if every program running on the main CPU had to carefully avoid certain instruction sequences in order to not crash the system -- would you run a multi-user system on that?
Then again, that was how it was in the 80's on many time sharing systems...