Coffeehouse Post

Single Post Permalink

View Thread: Microsoft -- Why no WebGL?
  • User profile image

    , evildictaitor wrote

    Or this one, which still crashes my NVidia graphics drivers (part of which run in ring0, and hence Chrome's sandbox it just window dressing).

    Whoa! That certainly shows a problem with BOTH Google Chrome's and NVidia's implementations!  It's really annoying that a website can cause a computer to freeze like that. Google Chrome should work with NVIdia to fix that bug! However, the vulnerability isn't indicative of a flaw in WebGL or OpenGL itself, but instead indicates a crucial vulnerability in the implementation of the specification. 

    , evildictaitor wrote


    It also needs you to put your identity into the webpage for it to steal it. A ring-zero exploit in WebGL needs no such user-interaction. It can just install a driver and steal all of your keystrokes and files directly to the russian hackers that installed it.

    WebGL can easily be disabled from a command line option passed into most WebGL compliant browsers. Also; who says that WebGL HAS to run whenever a page requests it? Couldn't browsers make it so the user is required to OK the use of WebGL before it runs on the system? There's nothing that says that a browser can't do this.