WebGL Poses New Security Problems

Julie188 writes "Researchers are warning that the WebGL standard undermines existing operating system security protections and offers up new attack surfaces. To enable rendering of demanding 3D animations, WebGL allows web sites to execute shader code directly on a system's graphics card. This can allow an attacker to exploit security vulnerabilities in the graphics card driver and even inject malicious code onto the system."

Glad I'm not using Binary Blob drivers

[xiando]

An attack based on "exploit security vulnerabilities in the graphics card driver" seems less likely using the FOSS graphics drivers. I'm not saying they can not be exploited, I'm just saying that this makes me feel somewhat safer than I would feel if I were using the closed Binary Blob drivers.

Quake Live

[mfh]

I raised this concern with Quake Live, but was quickly shut down by people. Nobody wants to listen to the possible security holes in something they want to ram through at all cost. Forgive my tone if I'm a little annoyed hearing this. Sometimes you want to be wrong about something, but now I have been proven correct, I'm annoyed with myself.