Big deal. What’s WebGL?
WebGL (Web Graphics Library) is an in development standard specification defining a JavaScript API for writing web applications utilizing hardware accelerated 3D graphics.
So, this is quite upsetting to the makers of Firefox and Chrome and that’s because they use it in all their versions since 4.x and 9.x, respectively. OK, they’ll patch it. Nope. The very architecture of webGL is what makes it vulnerable, and that’s going to make it very hard to fix.
Your antiviral/antimalware protect the usual routes of attack. They don’t protect your graphics card. That’ll be the route of attack…. Haha! Dumb Windows usres! Switch to Mac!
Nope, Windows, Linux and Apple OS’s are all vulnerable – oh yes, the Safari currently under development is vulnerable too.
The flaws researched by UK consultancy Context Information Security are serious enough, the company said, to allow an attacker to compromise the attacked PC through the poorly defended graphics card layer, or at the very least crash the system to make it more vulnerable to exploits.
The company confirmed that it had been able to exploit systems using proof-of-concept attacks with certain graphics cards in a way -- kernel mode -- that breached the most secure ring of an OS. – PCWorld
"The risks stem from the fact that most graphics cards and drivers have not been written with security in mind so that the interface (API) they expose assumes that the applications are trusted," said Context Research and Development Manager Michael Jordan.
Disabling WebGL in Firefox 4
Disabling WebGL varies from browser to browser but in Firefox involves setting a required value to "false" using the “about:config” command.
1. Type about:config in Firefox address bar and continue with warning dialog.
2. Type Webgl in the Filter box double click “ webgl.enabled_for_all_sites” and set its value to False.
3. Restart Firefox browser, WebGL is now disabled in Firefox 4.
From Techdows.
I’ve looked for instructions on how to do the same for Chrome, but can’t find any… unless you’re a programmer working for Google.
Source: http://www.pcworld.com/businesscenter/article/227434/webgl_hit_by_hardtofix_browser_security_flaw.html