All Major Browsers Now Support WebAssembly

An anonymous reader writes: "It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it," reports Bleeping Computer. Project spearheads Firefox and Chrome were the first major browsers to graduate WebAssembly from preview versions to their respective stable branches over the summer. The second wave followed in the following weeks when Chromium-based browsers like Opera and Vivaldi also rolled out the feature as soon as it was added to the Chromium stable version. The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0 and Microsoft in Microsoft Edge (EdgeHTML 16), which is the version that shipped with the Windows 10 Fall Creators Update. Both were released last month. WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.

Well that's unfortunate.

Already about 1/2 of web pages I can only get to work by using "view source" and clipping out links from the source which for some idiotic reason the site wants to demand javascript to do something that pure HTML could do just fine, such as display an image or move to another URL when you click on the link.

Can't wait until that has yet another layer of obscuration due to WebAssem.

The modern web's idiocy only ever grows larger and larger. Can't wait for WebAssem based obscuring images over the text you're trying to read, or more obscured privacy obliterations or the like. At least firefox will have a way to shut that idiocy off.

Re:Well that's unfortunate.

Just wait for WebAssembly to be the next Flash/malware ad vector.

Personally I hope it fails. The web browser should never have been an "app" ecosystem, because browsers can't keep their shit together.

Re:Well that's unfortunate.

[TheRaven64]

If you send a lot of random shit at something, of course it's going to crash.

If your thread model for something that is expected to accept random crap from the Internet is 'it's fine as long as input is well formed', then you are going to have a lot of fun dealing with security vulnerabilities. Contrary to your assertion, well-written code does not crash when you send it a lot of random shit, it gracefully handles errors.

Chrome & Safari are only browsers that matter

Let's be honest with ourselves here, as of late 2017 the only browsers that matter are Chrome and Safari. Together they have about 85% of the entire market. IE/Edge comes next. Firefox, Opera and Vivaldi barely register.

Chrome, and to a lesser extent Safari, define what the web is. If they don't support a web technology, it effectively does not exist. If they support a technology, it's a standard.

Wasm's success will be fully determined by how well Chrome and Safari support it. It doesn't really matter if Firefox does or doesn't support it. Firefox's 2% or 3% of the market doesn't matter at all.

Tremendous mistake

[Okian+Warrior]

I think Web Assembly is a tremendous mistake.

This will end up being nothing more than an insecure vector for people you don't know to run programs on your computer.

1) It claims to be secure by only executing in a sandbox. Have other attempts at sandboxing had security flaws?
2) Assuming the sandboxing works as advertized, is there a way for the sandboxing to break the sandbox in ways the coders hadn't considered? (Such as periodically using a lot/little CPU time or memory as a way to communicate to a different tab?)
3) Can Web Assembly be used to steal CPU cycles, so your computer can be used for BitCoin mining or anything else while visiting a web page? (And no, that they can do this already doesn't invalidate the argument.)
4) Does Web Assembly add a level of obfuscation to the code, making it harder to see what it's doing?

We once had a period where E-mail attachments were automatically opened and run, where Excel macros activate when a spreadsheet is viewed, and where myriad ActiveX libraries were available for use by anyone.

Anyone remember that era?

We've locked down the ability to install and run programs on our computers, but now we've moved the goalposts. Our browser will now download and run programs for us from any random website, any website that contracts out to an agency to supply advertizing, and and website advertizing contractor who doesn't vet his clients.

"Oh, we're so sorry! That malware delivery got through our vetting process. We've terminated that one client, please feel safe downloading the ads from all of our other clients - they're clean. Pinky swear! :-)"

For the next 10 years expect to see a steady stream of exploits and patches. A mini industry will crop up selling antivirus checkers for web pages, and AdBlock extensions for browsers.

It's deja vu all over again.