Researchers from Context Information Security have issued a warning that the WebGL standard might be doing its job well from a graphical perspective, but there is a dark side to it – it might just undermine the security concept that is practised by current operating system versions, opening up new avenues for external attacks over the Internet. For starters, in order to enable rendering of demanding 3D animations, WebGL will give permission to web sites to execute shader code directly on a system’s graphics card. Anyone with malicious intent and a high level of technical know-how will be able to exploit this and take down an entire system just like that.
How does that happen? For starters, manipulating the GPU itself to render really complex 3D models, or perhaps run some very processor-intensive shader programs. In fact, this backdoor threat has not been overlooked by the Khronos Group, the brains behind WebGL, and did warn users of this potential speed bump in the WebGL specification, but is anyone taking heed?
You aren’t really that safe anymore these days, so whatever the case is, make sure you hang around decent Web sites, update all your software to the latest version always if possible, and make sure the proper defenses are always in place.
Filed in . Read more about Security.