evildictaitor wrote:

Or this one, which still crashes my NVidia graphics drivers (part of which run in ring0, and hence Chrome's sandbox is just window dressing).

https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl/sdk/tests/extra/lots-of-polys-example.html

Whoa! That certainly shows a problem with BOTH Google Chrome's and NVidia's implementations! It's really annoying that a website can cause a computer to freeze like that. Google Chrome should work with NVidia to fix that bug! However, the vulnerability isn't indicative of a flaw in WebGL or OpenGL itself, but instead indicates a crucial vulnerability in the implementation of the specification.

evildictaitor wrote:

*snip*

It also needs you to put your identity into the webpage for it to steal it. A ring-zero exploit in WebGL needs no such user interaction. It can just install a driver and steal all of your keystrokes and files directly to the Russian hackers that installed it.

WebGL can easily be disabled from a command line option passed into most WebGL compliant browsers. Also, who says that WebGL HAS to run whenever a page requests it? Couldn't browsers make it so the user is required to OK the use of WebGL before it runs on the system? There's nothing that says that a browser can't do this.