The one thing that is great when it comes to today’s modern browser war is that we are starting to see the introduction of a lot of great technologies being blended into the browser. It is no longer the matter of hacks and plugins forcibly being integrated into the browser to be able to do something interesting. Now the technology exists right in the browser thanks to the introduction of both HTML 5 and CSS 3. And the best thing about is that all of the major browser makers are determined to have these technologies baked into their browsers.
One of the new technologies that have been introduced into the HTML 5 spec is known as WebGL. If you have ever been a hobby creator of video games then there is a good chance that the end of the name looks familiar to you. It has the same meaning as the popular 3D engine openGL. The big difference is that WebGL is a 3D engine for the web.
So what is WebGL exactly?
The one problem with the WebGL standard is that so far all of the browsers are not implementing it yet. The lone holdout has been Microsoft and their widely used Internet Explorer browser. While some people think that Microsoft is playing politics and do not want the technology to compete with their own 3D engine Direct X, they claim that it is something different entirely. They claim that the standard is not as safe as people think that it is.
So what is the security problem when it comes to WebGL?
The whole issue started when a computer security company named Context was able to find a big security hole in the current implementation of WebGL. They claimed that you were able to cause the browser to purposely freeze due to an illegal use of Shaders. They also found that on Mac OS X and on Windows XP, you were able to use a weakness in WebGL to be able to write pages that would allow you to look at other parts of the users screen. These problems have since been fixed. There was also a problem with cross site images that has known been fixed as well. So as you can see these are serious problems and not ones that can be overlooked. If any of these security problems were to find their way to the end users computer then they could cause an introduction of exploits to do even worse activities on the user’s computer.
No matter how these problems came to light, and there is much speculation as to how they did, they are security problems and ones that should be addressed soon. If you are going to have a standard technology for people to use then it must be safe. A technology like this really digs into the hardware of the computer and lets the browser manipulates technologies native that it never has before. Since this is a new aspect of browser technology let’s walk slow and make sure that we get it right.