|
WebGL ? I had never heard of WebGL before and I'm sure quite a few among our readers are in the same boat. Yet it is implemented in Firefox 4 and Chrome and Safari browsers and apparently even turned on by default in Firefox 4 and Chrome. Yet, there's something wrong with its security. So what is WebGL? It's a way to let components on webpages display 3D models using the full power of the graphics card in the computer. Effectively this exposes some portions of the graphics card's software via the browser to the Internet. US-CERT recommends to turn off WebGL in the browsers that do support it (Firefox 4, Chrome, Safari (not enabled by default)) I've looked on my mac how to enable/disable WebGL in Firefox 4, Chrome and Safari, but have been unsuccessful so far as to find even a mention of WebGL in any of them [to be continued...]. References and far more detail:
Thanks go to James for the heads-up. -- |
Swa 760 Posts May 11th 2011 |
| Thread locked Subscribe |
May 11th 2011 1 decade ago |
|
firefox - browse to "about:config" and enter "webgl" in the filter. Double-click on "webgl.disabled".
|
Hal 50 Posts |
| Quote |
May 11th 2011 1 decade ago |
|
Chrome on Mac ... chrome://plugins should have it listed, but its not there in v11.
|
HackDefendr 65 Posts |
| Quote |
May 11th 2011 1 decade ago |
|
For Chrome here is a list of all the about:config like pages: hxxp://googlesystem.blogspot.com/2008/09/google-chromes-about-pages.html
|
HackDefendr 65 Posts |
| Quote |
May 11th 2011 1 decade ago |
|
The same day as http://chrome.angrybirds.com comes out! Sheesh...
|
HackDefendr 2 Posts |
| Quote |
May 11th 2011 1 decade ago |
|
What is the big issue here ?
Code is executed on a GPU, which has limited access to the main computer. It is many years ago, that Microsoft did do away with putting drivers in the outer ring for security. I think it was Windows 2000 or XP, they moved graphics drivers to kernel mode, to ensure all users could exploit vulnerabilities in the graphics drivers to do whatever they wanted. BTW: If this is such a big issue, we also need instructions on how to disable the hardware acceleration of Flash, it is probably in the same league. |
Povl H. 79 Posts |
| Quote |
May 12th 2011 1 decade ago |
|
I would be more worried about them using the general processing APIs like CUDA or STREAM to accelerate malware functions - whether that's local password cracking or whatever it opens up a massive amount of computing resources that the average user may not even notice is in use.
|
Povl H. 8 Posts |
| Quote |
May 12th 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
