MSFN Forum: WebGL flaws give hackers a new point of entry (FF, Chrome)

Jump to content






Icon Latest News Comments


Icon MSFN Statistics

  • Total Posts 802643
  • Total Members 102368
  • Newest Member motzu83 
  • Online At Once Record 17869
  • Online Now: 2104



    Icon Recommended Sites

    AskVG.com Bink Filehorse FreewareFiles IT Magazine lunarsoft Where unprofessional journalism looks better OSNN TechLog The Windows Club WinBeta

WebGL flaws give hackers a new point of entry (FF, Chrome) ***--

Posted on May 10 2011 10:38 AM by xper  in Security | Viewed 1297 Times

Security researchers at the U.K.'s Context Information Security have identified serious flaws in the WebGL graphics standard used by default in Firefox 4 and Google Chrome; they're also available in Apple's Safari browser. The researchers recommend disabling the technology, which helps generate 3D graphics on websites. The flaws could be used to open an attack vector on a PC's graphics drivers, which in turn open access to the OS kernel.

Context did not go into specifics on the vulnerabilities but said it had exploited them with proof-of-concept attacks. Most worrisome: The attacks take advantage of major architectural flaws to go straight to what is supposed to be the most secure part of an operating system.

"These issues are inherent to the WebGL specification and would require significant architectural changes in order to remediate in the platform design," wrote Context security consultant James Forshaw. "Fundamentally, WebGL now allows full (Turing Complete) programs from the Internet to reach the graphics driver and graphics hardware, which operate in what is supposed to be the most protected part of the computer (Kernel Mode)."

Because WebGL is a browser-based technology, the vulnerabilities apply to Windows, Mac OS X, and Linux systems alike. Context has even gone so far as to argue that WebGL was not ready for mass distribution because of the severity of the security issues.

Source: InfoWorld




0 Comments

Page 1 of 1

No comments have been made yet

You do not have permission to leave comments on this article
Page 1 of 1



All trademarks mentioned on this page are the property of their respective owners
Copyright © 2001 - 2013 msfn.org
Privacy Policy