WebGL security holes highlighted


WebGL has raised security concerns

Context Information Security has published concerns about WebGL on its blog. The technology is increasingly used for 3D graphics online, but Context Information Security says a vulnerability in the Firefox browser “made it possible for malicious web pages to capture any screenshot from a target PC”. The company claims that none of the current implementations comply with WebGL conformance standards, raising serious questions for Khronos, the consortium that drew up the WebGL specification and conformance tests.

“While Mozilla has taken steps to mitigate the original vulnerabilities and will fix this latest threat in the new version of its browser, scheduled for release on 21 June, we believe this is the tip of the iceberg for the difficult adoption of this immature technology, leaving users vulnerable,” says Michael Jordon, research and development manager at Context.

He admits it would be unreasonable to expect full conformance to the complete specification of any new standard, but suggests “some areas of WebGL need to be carefully implemented to prevent security issues arising”.

Jordon recommends disabling WebGL until security vulnerabilities are addressed, and suggests investigating the Firefox NoScript plug-in that enables you to selectively disable WebGL.

Thank you for reading 5 articles this month* Join now for unlimited access

Enjoy your first month for just £1 / $1 / €1

*Read 5 free articles per month without a subscription

Join now for unlimited access

Try first month for just £1 / $1 / €1

The Creative Bloq team is made up of a group of design fans, and has changed and evolved since Creative Bloq began back in 2012. The current website team consists of eight full-time members of staff: Editor Georgia Coggan, Deputy Editor Rosie Hilder, Ecommerce Editor Beren Neale, Senior News Editor Daniel Piper, Editor, Digital Art and 3D Ian Dean, Tech Reviews Editor Erlingur Einarsson and Ecommerce Writer Beth Nicholls and Staff Writer Natalie Fear, as well as a roster of freelancers from around the world. The 3D World and ImagineFX magazine teams also pitch in, ensuring that content from 3D World and ImagineFX is represented on Creative Bloq.