Security

In May and June 2011, the aegis close Context Advice Aegis appear two letters on vulnerabilities that were present in Google Chrome and Mozilla Firefox WebGL implementations at the time. The letters provided archetype exploits able of cross-domain angel theft, cartoon anamnesis theft, and client-side abnegation of service.2528 This prompted the absolution of a WebGL aegis advising from the United States Computer Emergency Readiness Team (US-CERT)29; an advertisement by Microsoft that they could not endorse WebGL in its accepted form30; tweets from notable absolute experts John Carmack31 and Dan Kaminsky32; as able-bodied as responses from The Khronos Group33 and Mozilla34.

The afflicted browser vendors after addressed the cross-domain angel vulnerability by administration the aforementioned agent action on WebGL textures. The cartoon anamnesis annexation affair was anchored in Firefox 5. The adeptness of a awful calligraphy to blast or benumb the applicant apparatus charcoal a concern, depending on the robustness of the basal operating arrangement and cartoon driver, but does not acquiesce an antagonist to accretion ascendancy of the applicant apparatus or to abduct advice from it. As of March 2012, there are no WebGL-related entries in the National Vulnerability Database that would affect the currently aircraft adaptation of any browser