Researcher: WebGL poses security threat
May 10, 2011
A security firm says it’s found a vulnerability in the WebGL technology for building accelerated 3D graphics into the Web, a problem that could enable attacks through code executed on a computer’s graphics chip.
Attacks could take two basic forms, according to a blog post by Context Information Security. In one, a computer could be rendered useless by visiting a Web page that would execute WebGL software that simply brings the machine to its knees.
In the other, “Dangers with WebGL…put users’ data, privacy, and security at risk,” Context said, specifically graphics-related information. It posted a proof of concept it says demonstrates the problem.
WebGL, enabled in newer versions of Chrome and Firefox, lets a browser show 3D graphics good for applications such as games or online maps, and it’s a high-profile example of efforts to endow Web applications with abilities formerly reserved for native software.
Google didn’t respond to a request for comment. Mozilla said it’s in contact with Context and is looking into the matter.
Context said the problems it’s found lie with the WebGL specification, not a particular browser’s implementation.
“Based on this limited research Context does not believe WebGL is really ready for mass usage, therefore Context recommends that users and corporate IT managers consider disabling WebGL in their Web browsers,” Context said.