Security Holes Found In WebGL Technology?

The one thing that is great when it comes to today’s modern browser war is that we are starting to see the introduction of a lot of great technologies being blended into the browser. It is no longer the matter of hacks and plugins forcibly being integrated into the browser to be able to do something interesting. Now the technology exists right in the browser thanks to the introduction of both HTML 5 and CSS 3. And the best thing about is that all of the major browser makers are determined to have these technologies baked into their browsers.

One of the new technologies that have been introduced into the HTML 5 spec is known as WebGL. If you have ever been a hobby creator of video games then there is a good chance that the end of the name looks familiar to you. It has the same meaning as the popular 3D engine openGL. The big difference is that WebGL is a 3D engine for the web.

are there security holes in WebGL technology?

So what is WebGL exactly?

As I said earlier in the article, WebGL is a 3D engine to be used on the web. The letters stand for Web Graphics Library. What the technology is meant to do is use a combination of both JavaScript and the Canvas technology in the HTML 5 spec to create and manipulate 3D images. For example, if you wanted to create a 3D game to be used on the internet, in the past you would have to resort to technologies such as Java or Flash. Now that is no longer the case. You can use the baked in technologies of the browser to make these games.

The one problem with the WebGL standard is that so far all of the browsers are not implementing it yet. The lone holdout has been Microsoft and their widely used Internet Explorer browser. While some people think that Microsoft is playing politics and do not want the technology to compete with their own 3D engine Direct X, they claim that it is something different entirely. They claim that the standard is not as safe as people think that it is.

So what is the security problem when it comes to WebGL?

The whole issue started when a computer security company named Context was able to find a big security hole in the current implementation of WebGL. They claimed that you were able to cause the browser to purposely freeze due to an illegal use of Shaders. They also found that on Mac OS X and on Windows XP, you were able to use a weakness in WebGL to be able to write pages that would allow you to look at other parts of the users screen. These problems have since been fixed. There was also a problem with cross site images that has known been fixed as well. So as you can see these are serious problems and not ones that can be overlooked. If any of these security problems were to find their way to the end users computer then they could cause an introduction of exploits to do even worse activities on the user’s computer.

No matter how these problems came to light, and there is much speculation as to how they did, they are security problems and ones that should be addressed soon. If you are going to have a standard technology for people to use then it must be safe. A technology like this really digs into the hardware of the computer and lets the browser manipulates technologies native that it never has before. Since this is a new aspect of browser technology let’s walk slow and make sure that we get it right.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind