Skip to main content

Mozilla spars with Microsoft over WebGL security

WebGL general graphic
Image used with permission by copyright holder

Last week, Microsoft raised some hackles in the Web development community by claiming that there was no way to implement the WebGL open 3D graphics standard in Internet Explorer without exposing users to unacceptable potential security risks.

WebGL is a 3D graphics environment build on OpenGL 2.0, used for many 3D games and technologies, and promises to bring hardware-accellerated 3G graphics support to Web browsers. Google Chrome and Mozilla Firefox already support WebGL, and Opera and Safari are working on support. However, while Microsoft has made many strides with Internet Explorer 9—and is already showing off work on IE10— Internet Explorer offers no support for WebGL.

In a detailed posting, Microsoft outlined its primary reasons for considering WebGL a security risk: that WebGL exposes hardware functionality (e.g. video cards and processing) to Web content in an “overly permissive” way, that WebGL security servicing relies too heavily on third party components, and that today’s graphics systems were never intended to cope with shaders and 3D geometries that are specifically designed as attacks.

“We believe that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities,” Microsoft wrote. “In its current form, WebGL is not a technology Microsoft can endorse from a security perspective.”

Microsoft also cited two reports from Context Information Security that outlined security issued in WebGL.

Not surprisingly, WebGL supporters take issue with Microsoft’s position, and leading the charge for the moment is Mozilla’s VP of technical strategy, Mike Shaver, who notes that Microsoft seems to overcome all of the concerns it has over WebGL in its own Silverlight technology. Although Silverlight uses Microsoft’s own Direct3D technology on Windows, on Mac OS X Silverlight taps into OpenGL in pretty much the same manner as WebGL.

“I suspect that whatever hardening [Microsoft] applied to the low-level D3D API wrapped by Silverlight 3D can be applied to a Microsoft WebGL implementation as well,” Shaver wrote. “That Silverlight supports Mac as well, where these capabilities must be mapped to OpenGL, makes me even more confident.”

Shaver acknowledges security issues in WebGL are real—including bugs that impact Firefox’s WebGL implementation. However, Shaver argues these issues are like security issues in any other technology and are being addressed by a responsible ecosystem of partners and developers.

“It may be that we’re more comfortable living on top of a stack we don’t control all the way to the metal than are OS vendors,” Shaver wrote, “but our conversations with the developers of the drivers in question make us confident that they’re as committed as us and Microsoft to a robust and secure experience for our shared users.”

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
AMD’s next-gen CPUs are much closer than we thought
AMD Ryzen 7 7800X3D held between fingertips.

We already knew that AMD would launch its Zen 5 CPUs this year, but recent motherboard updates hint that a release is imminent. Both MSI and Asus have released updates for their 600-series motherboards that explicitly add support for "next-generation AMD Ryzen processors," setting the stage for AMD's next-gen CPUs.

This saga started a few days ago when hardware leaker 9550pro spotted an MSI BIOS update, which they shared on X (formerly Twitter). Since then, Asus has followed suit with BIOS updates of its own featuring a new AMD Generic Encapsulated Software Architecture (AGESA) -- the firmware responsible for starting the CPU -- that brings support for next-gen CPUs (spotted by VideoCardz).

Read more
AMD Zen 5: Everything we know about AMD’s next-gen CPUs
The AMD Ryzen 5 8600G APU installed in a motherboard.

AMD Zen 5 is the next-generation Ryzen CPU architecture for Team Red and is slated for a launch sometime in 2024. We've been hearing tantalizing rumors for a while now and promises of big leaps in performance. In short, Zen 5 could be very exciting indeed.

We don't have all the details, but what we're hearing is very promising. Here's what we know about Zen 5 so far.
Zen 5 release date and availability
AMD confirmed in January 2024 that it was on track to launch Zen 5 sometime in the "second half of the year." Considering the launch of Zen 4 was in September 2022, we would expect to see Zen 5 desktop processors debut around the same timeframe, possibly with an announcement in the summer at Computex.

Read more
Is this Razer’s Steam Deck killer?
The Razer Kishi Ultra sitting on a table.

Razer has been oddly quiet in the burgeoning world of handheld gaming PCs. When I met up with the company at the Game Developers Conference (GDC) to learn about its new products, I was happy to hear it had an answer to the success of the Steam Deck.

But it was not the type of answer I was expecting.

Read more