The US Computer Emergency Readiness Team is advising users of the Mozilla Firefox and Google Chrome browsers to disable a recently added graphics engine that can be exploited to take control of end user computers.
The web standard known as WebGL opens the browsers to serious attacks, including the remote execution of malicious code, independent research consultancy Context Information Security recently warned. The technology made its debut in version 9 of Chrome and was added to the recently released Firefox 4. WebGL is also present in builds of Opera and Apple's Safari.
http://www.theregister.co.uk/2011/05/11/chrome_firefox_security_threat/
More plugins external to HTML with vulnerabilities? Did ActiveX teach them nothing?
Apparently not, Ben. Makes you despair, doesn't it.
All browsers are dangerous, read a book or a newspaper. >:D It's all getting bloody ridiculous,they'll be saying smoking's dangerous soon.
;D
I can remember a time when doctors thought it was beneficial, Steve.
Quote from: Rik on May 11, 2011, 18:41:53
I can remember a time when doctors thought it was beneficial, Steve.
Red wine still is though, isn't it? :fingers:
Today yes, tomorrow who knows.
The next academic looking to make their name with some dubious piece of research.
Back to topic at least with Safari you have to enable it whereas as with FF4 and Chrome it's enabled by default I believe .
There speaks a Mac convert. :evil:
WebGL is NOT in the current stable release of Opera despite what they say here, there is a preview release available of Opera/WebGL but you have nothing to worry about unless you have downloaded this preview.
Why are developers using this system in any browser when there have been flaws known and warnings previously given?
Quote from: gizmo71 on May 11, 2011, 18:44:26
Red wine still is though, isn't it? :fingers:
Depends if you remember to take it out of the bottle before trying to consume it.
Time to start using IE 9!!!
Internet identified as security threat. Lock up your computers! News at 11.
If anyone wants to see some WebGL here's a few examples - http://www.chromeexperiments.com/webgl/ I can confirm it's no go with Safari but they do work on FF4 and Chrome.
If you wish to disable it
"In Firefox 4, type "about:config" (minus the quotes) into the address bar and set webgl.disabled to true. In Chrome, get to the command line of your operating system and add the --disable-webgl flag to the Chrome command. On a Windows machine, the command line would be "chrome.exe --disable-webgl".
http://www.theregister.co.uk/2011/05/11/chrome_firefox_security_threat/
I explicitly turned it off in FireFox, but their example page didn't work before I did that, which suggests they aren't as clever as they think they are.
Reading the details of the exploit it's pretty noddy stuff, not good but hardly a full on remote code execution issue.
Flash is far more scary! >:D
Quote from: Steve on May 11, 2011, 18:52:58
Back to topic at least with Safari you have to enable it whereas as with FF4 and Chrome it's enabled by default I believe .
Very true, shame Safari was the first browser to fall in the pwn2own contest though :whistle: ;)
Quote from: Lance on May 11, 2011, 22:42:17
Time to start using IE 9!!!
IE 10 must be the safest so far though right? :whistle: