Serious security risk in modern browsers

Discussion in 'User Submitted News' started by shadowmanwkp, Jun 17, 2011.

  1. shadowmanwkp
    OP

    shadowmanwkp Your roms are on another rom site

    Member
    486
    33
    Apr 17, 2008
    Netherlands
    Vleuten, The Netherlands

    Red alert for most browsers: there seems to be a serious security risk in modern browsers that use WebGL, a fairly recent technology. The browsers that mainly use this technology are Firefox and Google Chrome.

    In order to deliver advanced graphics and 3D rendering from the Web without introducing lag and impacting performance, WebGL interacts with the graphics driver at a core level. The low-level functionality of the graphics processor has always been shielded from executable code, and was not designed with security in mind.

    A new report, based on continued research by Context, points out that WebGL can pose a serious risk to a computer. Other tests have been done to determine if the actions taken by Khronos and browser vendors actually work to make WebGL safe. However, current updates do not remedy the problems. Web browsers that enable WebGL by default pose a security risk. In a nutshell, it appears that all browsers with WebGL support are vulnerable to WebGL exploits and should be disabled immediately.

    You can find instructions on how to disable WebGL in Firefox and Google Chrome here.
    If you are on a Mac and use Google Chrome, you also need Automator to add the arguments; info on that here.
    (Do not copy and paste the parameters! You only need to add the parameter that disables WebGL, which you can find in the link above!)

    Source 1 (news report)
    Source 2 (findings by Context, contains tech-talk)
     
  2. Anakir

    Anakir Project: Melee

    Member
    2,253
    27
    Dec 20, 2006
    Canada
    Canada.
    inb4lulzsec.
     
  3. Nathan Drake

    Nathan Drake Obligations fulfilled, now I depart.

    Member
    6,192
    2,150
    Jan 2, 2011
    So basically, stop using the internet is the message I'm getting, as other browsers like IE aren't exceptionally safe themselves.
     
  4. DrOctapu

    DrOctapu Magnificent Bastard

    Member
    1,207
    300
    Dec 23, 2008
    United States
    Hell.
    Opera. From what I've read WebGL's only in Development Releases.
     
  5. Nathan Drake

    It's in development releases of Opera and Safari.
    I hate both of those browsers. I'll stick with the one that may kill my computer.

    Oh, hey, look, this shit being unsafe isn't even anything new.

    The actual sentence is from Wikipedia. The article with said info is here - Source: http://www.contextis.co.uk/resources/blog/webgl/

    At least the sources from Wikipedia are reliable for what they have.
     
  6. shadowmanwkp
    OP

    Most browsers can disable WebGL. In Firefox, for example, you can go to about:config (just type it in your address bar and ignore the warning), then search for webgl.disabled. It is false by default (thus it is on), but by double-clicking it, you can set it to true and disable the feature.
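
One way to confirm that the webgl.disabled change described in the post above took effect, as an added example that is not part of the original thread. The function names (probeWebGL, fakeDocument, summarize) are made up for this sketch; the context names are the standard canvas identifiers, including the "experimental-webgl" name browsers of that period used.

```javascript
// Added example: report which WebGL context types a page can still obtain.
// `doc` is any object with createElement("canvas"); in a browser pass `document`.
const CONTEXT_NAMES = ["webgl", "experimental-webgl", "webgl2"];

function probeWebGL(doc) {
  const result = { enabled: false, contexts: [], errors: [] };
  for (const name of CONTEXT_NAMES) {
    // Fresh canvas per attempt: a canvas that already handed out one
    // context type returns null for any other type.
    const canvas = doc.createElement("canvas");
    try {
      if (canvas.getContext(name)) result.contexts.push(name);
    } catch (e) {
      // Record a thrown error as "not available" rather than aborting the probe.
      result.errors.push(name + ": " + e.message);
    }
  }
  result.enabled = result.contexts.length > 0;
  return result;
}

function summarize(r) {
  return r.enabled
    ? "WebGL still available via: " + r.contexts.join(", ")
    : "WebGL is disabled";
}

// Constructed stand-in for a browser document so the probe can run offline.
// `supported` lists context names to grant; `throwing` lists names that throw.
function fakeDocument(supported, throwing = []) {
  return {
    createElement: () => ({
      getContext: (name) => {
        if (throwing.includes(name)) throw new Error("blocked");
        return supported.includes(name) ? {} : null;
      },
    }),
  };
}

// In a real browser console this prints the state of the current profile.
if (typeof document !== "undefined") {
  console.log(summarize(probeWebGL(document)));
}
```

Paste the block into the browser console before and after changing the preference; the summary should change to "WebGL is disabled".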
     
  7. Nathan Drake

    Is there really any loss when disabling it? From what I've read WebGL as a whole is really new (premiering for FF in Firefox 4 judging by the date of release), so I'm not sure just how well it is utilized.
     
  8. s4mid4re

    s4mid4re  

    Member
    1,669
    430
    Apr 2, 2011
    United States
    I guess it's just for enhancing performance
     
  9. shadowmanwkp
    OP

    Some applications that rely on WebGL will not function, but it is not necessary to turn it on. It has been stated several times in the first source that it is not necessary to turn it on. The first post is just a quick heads up for people and the sources go much deeper into the subject; I just wanted to avoid tech talk.
     
  10. SamAsh07

    SamAsh07 GBAtemp Addict

    Member
    2,696
    67
    Jan 27, 2009
    Bosnia and Herzegovina
    Bahrain
    Thanks for the news. Just removed Google Chrome. Does IE9 also use WebGL?
     
  11. cwstjdenobs

    cwstjdenobs Sodomy non sapiens

    Member
    1,757
    1
    Mar 10, 2009
    Ankh-Morpork
    Nope. But nothing is really using WebGL yet anyhows, so just turning it off in Chrome should be good enough.

    Also am I reading the sources wrong, or does it say this doesn't affect Linux? EDIT: Yes I was. That was just the DoS case.
     
  12. shadowmanwkp
    OP

    This is what Context has found on Ubuntu: Screen goes black after a few seconds and then recovers. Conformance Results Failures (out of 144 tests): Chrome 4 times, Firefox 21 times. This means Linux is affected. Do note that it might be more severe than this, because we do not fully know what can be done with the exploit.

    Edit: ninja got ninja'ed
     
  13. david432111

    david432111 GBAtemp Advanced Fan

    Member
    859
    0
    Jul 17, 2008
    Denmark
    I don't have a computer, so I think I'm safe.
     
  14. R2DJ

    R2DJ GBAtemp Advanced Maniac

    Member
    1,900
    15
    Jan 30, 2008
    London
    Can anyone tell me how to disable WebGL on Chrome on a Mac? Thanks
     
  15. shadowmanwkp
    OP

    Just found a good link explaining it for both FF and Chrome: http://techtrickz.com/how-to/disable-webgl...fox-quick-tips/ You can also find it in the first post. I don't use a Mac personally, but you can probably use the same trick here.

    Edit: woop-tee-doo I was wrong, you actually need a separate program for that, you can read all about it here: http://superuser.com/questions/271678/how-...s/271697#271697
    The only thing you need to do is change the arguments a bit.
     
  16. naved.islam14

    naved.islam14 Gbatemp's Official Dark Knight™

    Member
    968
    38
    Sep 12, 2009
    Gotham
    Thank You, I don't want my laptop to be hacked.
     
  17. Hop2089

    Hop2089 Cute>Hot

    Member
    3,810
    209
    Jan 31, 2008
    United States
    WebGL has been disabled.

    Nice find there and quite easy to do.
     
  18. Slyakin

    Slyakin See ya suckers

    Member
    4,450
    40
    Oct 15, 2008
    United States
    Soviet Slyakin
    Yeah, I disabled WebGL as well, but I don't want to see a loss in performance...

    Does anyone have examples of websites that use WebGL?
     
  19. WiiUBricker

    WiiUBricker Insert Custom Title

    Member
    7,097
    4,193
    Sep 19, 2009
    Argentina
    Espresso
    I can't find webgl.disabled in the Firefox config.
     
  20. Slyakin

    In the bar near the top of the page, search "webgl"