Mozilla spars with Microsoft over WebGL security

WebGL general graphic

Last week, Microsoft raised some hackles in the Web development community by claiming that there was no way to implement the WebGL open 3D graphics standard in Internet Explorer without exposing users to unacceptable potential security risks.

WebGL is a 3D graphics environment build on OpenGL 2.0, used for many 3D games and technologies, and promises to bring hardware-accellerated 3G graphics support to Web browsers. Google Chrome and Mozilla Firefox already support WebGL, and Opera and Safari are working on support. However, while Microsoft has made many strides with Internet Explorer 9—and is already showing off work on IE10— Internet Explorer offers no support for WebGL.

In a detailed posting, Microsoft outlined its primary reasons for considering WebGL a security risk: that WebGL exposes hardware functionality (e.g. video cards and processing) to Web content in an “overly permissive” way, that WebGL security servicing relies too heavily on third party components, and that today’s graphics systems were never intended to cope with shaders and 3D geometries that are specifically designed as attacks.

“We believe that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities,” Microsoft wrote. “In its current form, WebGL is not a technology Microsoft can endorse from a security perspective.”

Microsoft also cited two reports from Context Information Security that outlined security issued in WebGL.

Not surprisingly, WebGL supporters take issue with Microsoft’s position, and leading the charge for the moment is Mozilla’s VP of technical strategy, Mike Shaver, who notes that Microsoft seems to overcome all of the concerns it has over WebGL in its own Silverlight technology. Although Silverlight uses Microsoft’s own Direct3D technology on Windows, on Mac OS X Silverlight taps into OpenGL in pretty much the same manner as WebGL.

I suspect that whatever hardening [Microsoft] applied to the low-level D3D API wrapped by Silverlight 3D can be applied to a Microsoft WebGL implementation as well,” Shaver wrote. “That Silverlight supports Mac as well, where these capabilities must be mapped to OpenGL, makes me even more confident.”

Shaver acknowledges security issues in WebGL are real—including bugs that impact Firefox’s WebGL implementation. However, Shaver argues these issues are like security issues in any other technology and are being addressed by a responsible ecosystem of partners and developers.

“It may be that we’re more comfortable living on top of a stack we don’t control all the way to the metal than are OS vendors,” Shaver wrote, “but our conversations with the developers of the drivers in question make us confident that they’re as committed as us and Microsoft to a robust and secure experience for our shared users.”

Computing

Your ‘Do Not Track’ tool might be helping websites track you, study says

New research from the "Do Not Track" features embedded in popular browsers are being ignored, opening up the possibility of consumers having their information targeted by specific ads based on their web histories and cookies. 
Gaming

These are the best Xbox One games out right now

More than four years into its lifespan, Microsoft's latest console is finally coming into its own. From 'Cuphead' to 'Halo 5,' the best Xbox One games offer something for everyone.
Computing

Is the Pixelbook 2 still happening? Here's everything we know so far

What will the Pixelbook 2 be like? Has the Pixel Slate taken its place? Google hasn't announced it, but thanks to rumors and leaks, we think we have a pretty good idea of what the potential new flagship Chromebook will be like.
Computing

Tired of choosing between Windows and Mac? Check out these Chromebooks instead

We've compiled a list of the best Chromebooks -- laptops that combine great battery life, comfortable keyboards, and the performance it takes to run Google's lightweight Chrome OS. From Samsung to Acer, these are the Chromebooks that really…
Computing

Samsung Chromebook Plus V2 vs. Google Pixelbook

Samsung's Chromebook Plus V2 attempts to answer the question: can you spend around half as much as on the premium Google Pixelbook and be happy that you saved some serious cash?
Computing

Protecting your PDF with a password isn't difficult. Just follow these steps

If you need to learn how to password protect a PDF, you have come to the right place. This guide will walk you through the process of protecting your documents step by step, whether you're running a MacOS or Windows machine.
Computing

'World's best gaming processor'? We put Intel's new i9 through the ringer

Intel has launched the first Core i9 for the average gamer. Despite some controversies around its release, it’s the fastest gaming processor we’ve yet tested.
Computing

Google Chrome 70 is finally getting a picture-in-picture mode

Picture-in-picture mode is finally coming to Google Chrome 70 on Mac, Linux, and Windows. The feature not only applies to YouTube but also any other website where developers have chosen to implement it.
Computing

Intel's 9th-gen chips could power your next rig. Here's what you need to know

The Intel Core i9-9900K processor was the star of the show for consumers, but a powerful 28-core Xeon processor also led announcements. Here's everything you need to know about the latest Intel chipsets.
Computing

Core i9s and Threadrippers are all powerful, but should you go AMD or Intel?

The battle for the top prosumer CPUs in the world is on. In this head to head, we pit the Core i9 versus the Threadripper to see which is the best when it comes to maximizing multi-core performance on a single chip.
Computing

Despite serious security flaws, D-Link will (again) not patch some routers

D-Link revealed that it won't patch six router models despite warnings raised by a security researcher. The manufacturer, for the second time in a span of about a year, cited end-of-life policies for its decision to not act.
Computing

Apple’s latest feature ensures MacOS apps are safer than ever

MacOS is mythically known for being more immune to viruses than Windows, but that doesn't mean there isn't room to make it safer. Apple is using an app notarization feature to protect users from downloading malicious apps.
Computing

There’s now proof that quantum computing is superior to the classical variety

For the first time in computer science history, researchers have tangibly demonstrated how a quantum computer is better than a classical computer. A quantum computer was able to solve a math problem that a classical PC cannot.
Computing

In 2018, the rivalry between AMD and Intel has become more interesting than ever

When it comes to selecting a CPU for your PC, there's no shortage of chips for you to choose from. With Ryzen, Threadripper, and Core i9 CPUs though, the AMD vs. Intel argument is muddier than ever.