The Mechanics of a WebGL Attack


The UK security firm Context (with support from the US Computer Emergency Readiness Team (CERT) )  believes that the WebGL feature should be disabled after learning of a security threat that allows a code to be planted directly into a computer’s GPU.

The extent of the attack can vary depending on the attacker; some attacks can be a simple denial of service attack and others can be more severe with the additional use of HTML5 Canvas. As a result of these vulnerabilities Context believes that WebGL is not ready for mass usage and should be disabled in web browsers.


Source – Contextis

Categorised As:The Internet