- A number of serious security issues have been identified with the specification and implementations of WebGL.
- These issues can allow an attacker to provide malicious code via a web browser which allows attacks on the GPU and graphics drivers. These attacks on the GPU via WebGL can render the entire machine unusable.
- Additionally, there are other dangers with WebGL that put users’ data, privacy and security at risk.
- These issues are inherent to the WebGL specification and would require significant architectural changes in order to remediate in the platform design. Fundamentally, WebGL now allows full (Turing Complete) programs from the internet to reach the graphics driver and graphics hardware which operate in what is supposed to be the most protected part of the computer (Kernel Mode).
- Browsers that enable WebGL by default put their users at risk to these issues.
Read full story
I don’t know much about WebGL, but I found this on another website (http://learningwebgl.com/cookbook/index.php/WebGL:_Frequently_Asked_Questions#What_about_security.3F)
It is possible that updates to the browsers will fix this, though for technical reasons it’s a tough problem to solve without severely limiting the kinds of 3D graphics you can do in WebGL.