Tuesday, May 10, 2011

WebGL opens browser to attacks that can disable computer

A researcher at the Context Information Security consulting firm has identified a number of serious vulnerabilities in the new WebGL 3D graphics standard, which is enabled by default in the Firefox 4 and Google Chrome browsers and available as an option in the Apple Safari browser.

The vulnerability in the specification and implementation of WebGL allows an attacker to inject malicious code via the web browser, enabling attacks on the graphics processing unit (GPU) and graphics drivers. These attacks can render the entire machine unusable, according to Context researcher James Forshaw.

The researcher said there are other security issues that put users’ data and security at risk.

“These issues are inherent to the WebGL specification and would require significant architectural changes in order to remediate in the platform design. Fundamentally, WebGL now allows full (Turing Complete) programs from the internet to reach the graphics driver and graphics hardware which operate in what is supposed to be the most protected part of the computer (Kernel Mode)”, he explained.