For the unenlightened: WebGL - short for web-based graphics library is (or perhaps was) the new hope for a universal 3D web graphics standard. Particularly useful for online games which utilize hardware-accelerated 3D graphics and for other visually intensive tasks.
WebGL is already built into the Chrome and Firefox browsers and it was hoped it would become the universal standard across all major browsers. However, as with many experimental technologies, everything worked out just fine under the pristine laboratory conditions but it hasn't fared too well in the real world (once security scrutiny kicked in).
It appears inherent vulnerabilities are the main stumbling block. Context Information Security, a reputable security firm, issued initial warnings in May and have now backed that up with specifics.
Microsoft, who have never been a fan of the proposed new standard, have jumped on the bandwagon issuing the following statement: [i:u4wtln7g]"We believe that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities. In its current form, WebGL is not a technology Microsoft can endorse from a security perspective."[/i:u4wtln7g]
You can read through Microsoft's full statement, bluntly titled "WebGL Considered Harmful", [url=http://blogs.technet.com/b/srd/archive/2011/06/16/webgl-considered-harmful.aspx:u4wtln7g]HERE.[/url:u4wtln7g]
Context Information Security's initial May report (WebGL - A New Dimension for Browser Exploitation) can be viewed [url=http://www.contextis.co.uk/resources/blog/webgl/:u4wtln7g]HERE.[/url:u4wtln7g]
Their recent follow up report (WebGL
This is really a very interesting story given the big picture. Not much to worry about right now, but think of the future...
A browser is a direct vector into not one, but all, operating systems. Security with both current and future standards needs to be a priority for any browser!
Thanks for the head's up, Jim!
Most Users Ever Online: 2303
Currently Browsing this Page:
Guest Posters: 11
Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas
Moderators: Carol Bratt, dandl, Jason Shuffield, Jim Canfield, Terry Hollett, Sergey Grankin