![]() ![]() ![]() They found some memory safety issues in several WebGL APIs, and also found some attacks that would allow one web site to read pixel data of other web sites (which could enable a breach of confidentiality). There was one high-visibility white paper (see also the sequel) which looked at the security of the WebGL implementation in browsers at the time, and found a number of vulnerabilities. However, many of these APIs and their implementations were not originally designed to be provided to untrusted entities (they were only usable by native applications, which are fully trusted), so there are concerns about whether exposing them to arbitrary web sites might enable web sites to attack your system. The browser does attempt to sandbox this code (to a certain extent), and browsers do enforce a number of security restrictions designed to prevent malicious behavior. One major risk is that WebGL involves running code directly on the video card, and exposing APIs that provide direct access to video card APIs. The browsers have put in place some defenses against the security risks, but there seems to be some debate about whether those defenses will prove adequate in the long run. Yes, WebGL is indeed a potential security risk, though the magnitude of the risk is hard to assess and open to debate.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |