Slashdot Mirror

← Back to Stories (view on slashdot.org)

WebGL Poses New Security Problems

Posted by CmdrTaco on from the but-this-time-its-in-three-dee dept.

Julie188 writes "Researchers are warning that the WebGL standard undermines existing operating system security protections and offers up new attack surfaces. To enable rendering of demanding 3D animations, WebGL allows web sites to execute shader code directly on a system's graphics card. This can allow an attacker to exploit security vulnerabilities in the graphics card driver and even inject malicious code onto the system."

3 of 178 comments (clear)

  1. Re:Glad I'm not using Binary Blob drivers by MrEricSir · · Score: 3, Insightful

    Do any FOSS drivers even support shaders?

    --
    There's no -1 for "I don't get it."
  2. I can't wait for Native Client! by Anonymous Coward · · Score: 5, Insightful

    Can anyone remind me why we're putting EVERYTHING in a web browser anyway?

  3. Re:I don't get it by amorsen · · Score: 3, Insightful

    So they're saying that enabling shader code execution allows web sites to exploit hypothetical vulnerabilities in the graphics driver?

    They're not particularly hypothetical. Graphics driver code is such that games programmers carefully work around bugs in order to not crash anything. Imagine if every program running on the main CPU had to carefully avoid certain instruction sequences in order to not crash the system -- would you run a multi-user system on that?

    Then again, that was how it was in the 80's on many time sharing systems...

    --
    Finally! A year of moderation! Ready for 2019?