Security firm Context has warned users of Chrome and Firefox browsers to turn off their WebGL tool following 'significant' security problems.
Part of the HTML5 Canvas functionality, WebGL is a rendering engine that allows 3D images and animations without plugins. It is used in the latest versions of Chrome and Firefox, as well as the newest builds of Safari.
“The risks stem from the fact that most graphics cards and drivers have not been written with security in mind so that the interface (API) they expose assumes that the applications are trusted,” says Michael Jordon, research and development Manager at Context.
“While this may be true for local applications, the use of WebGL-enabled browser-based applications with certain graphics cards now poses serious threats from breaking the cross-domain security principle to denial-of-service attacks, potentially leading to full exploitation of a user’s machine.”