Microsoft rejects WebGL

Microsoft’s refusing to endorse WebGL, saying its security risks make it ‘harmful’, as an independent research firm finds a swath of flaws.

The Khronos Group’s WebGL – short for Web-based Graphics Library – extends JavaScript to allow it to generate 3D interactive graphics within any compatible browser.

It’s supported in Mozilla Firefox and Google Chrome, and is promised for future versions of Safari and Opera.

But in a blog post yesterday, Microsoft said it believes that products supporting WebGL would have difficulty passing its Security Development Lifecycle requirements.

Browser support for WebGL directly exposes hardware functionality to the web, says Microsoft. This has never been the case before, and graphics processors simply aren’t designed with security in mind.

“The security of WebGL as a whole depends on lower levels of the system, including OEM drivers, upholding security guarantees they never really need to worry about before,” writes its security team.

“Attacks that may have previously resulted only in local elevation of privilege may now result in remote compromise.”

And it’s worried that responsibility for WebGL security servicing in browsers relies too heavily on third parties. There is a range of problematic system DoS scenarios, which mitigations such as ARB_robustness and the forthcoming ARB_robustness_2 won’t do much to help with.

All in all, it says, “We believe that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities.”

And consultancy Context agrees. After highlighting a number of flaws last month, its latest discovery is that it’s possible to steal user data through web browsers using a vulnerability in Firefox’s implementation of WebGL.

The company evaluated Chrome and Firefox WebGL implementations against the conformance test suite devised by Khronos – and found that none of the current implementations complied.

“Anyone running Firefox 4 with WebGL support is vulnerable to having malicious web pages capture screenshots of any window on their system,” it concludes.