Security flaws found in the WebGL standard

May 13, 2011 by Katie Gatto weblog
Security flaws found in the WebGL standard

(PhysOrg.com) -- Researchers at Context Information Security have issued a warning about the WebGL standard. The warning states that this standard has the potential to undermine the security concepts that are practiced by current operating system versions and provide a new set of opportunities for attacks on a variety of system.

The standard, which is designed to enabled the rendering of 3D animations, executes the shader code directly on the system's graphics card. While this may make graphics rendering simpler, it does however make a space for the exploitation. If the graphics card has any in it the system could be breached. This level of vulnerability is something that the Khronos Group, who are the creators of the WebGL standard, have acknowledged the possibility of in the WebGL specifications.

How serious are the potential vulnerabilities? Well, the researchers at Context say that they have been able to create the blue screen of death by using an exploitation that targets the overloading of a graphics card. While some of the current operating systems do have a fail-safe that rests an overloaded graphics card after a few seconds, the blue screen of death can be reached after a certain number of resets.

The flaw could also, according to the researchers, be used to not just create the blue screen of death, but to inject onto the system.

There is no word yet as to whether or not the standard will be changed, or when any changes to the standard would be implemented. Since the problem is already known and published in the standard it may not change at all.

Explore further: Upgrade to iOS 8 now or wait?

More information: Report: www.contextis.com/resources/blog/webgl/

Related Stories

Superior 3D Graphics for the Web a Step Closer

Sep 22, 2009

(PhysOrg.com) -- The development of improved three-dimensional graphics in Web-based applications took a step forward recently, when programmers began building WebGL into the Mozilla Firefox nightly builds, ...

Crucial Technology Launches High-Powered Video Card Lineup

Jul 07, 2004

New graphics card line features the much-anticipated Crucial RADEON X800 Pro Meridian, Idaho, July 7, 2004 – Crucial Technology, a division of Micron Semiconductor Products, Inc. which is a wholly owned subsidiary of Micro ...

An Innovative HyperMemory Technology from ATI Reduces PC Costs

Sep 18, 2004

HyperMemory uses PCI Express to enable maximum graphics processing performance while lowering overall PC cost ATI Technologies announced HyperMemory, an innovative technology that reduces PC system costs by allowing its visual p ...

Samsung Develops Ultra-fast Graphics Memory

Feb 14, 2006

Samsung Electronics announced that it has developed the world’s fastest graphics memory - a GDDR4 graphics DRAM chip with much faster processing than an earlier version that Samsung led the industry in prototyping ...

Recommended for you

Apple iOS 8 software bug affects health apps

13 hours ago

A bug in Apple's new iOS 8 software for mobile devices is prompting the company to withhold apps that use a highly touted feature for keeping track of fitness and health data.

Researchers find parking space solution in PocketParker

22 hours ago

Looking for a parking spot? Circling round and round in a lot, feeling the heat of no luck no matter where you look? Could smartphone-tracking movements be of any help? Caleb Garling in MIT Technology Review ...

User comments : 0