A WebGL 3D rendering security flaw has been found in Firefox and Google Chrome browsers. Security researchers recommend users turn off WebGL. WebGL displays 3D graphics in browsers. The flaw is proof of concept in that security researchers identified a low level back door graphics card (GPU) hacking opportunity.
WebGL script, the WebGL component (including API) could be used to upload a malicious WebGL script to a graphics card and disable a PC. This would only work if the graphics driver wasn’t patched with the latest version. Note: Apple Safari doesn’t have WebGL on as default but is used in smartphones. Yikes! 🙁 Let’s hope mobile browser developers consider plugging the hole.
Alternatively, if you are a brave person you can attempt this with Firefox:
- Type into the URL bar “about:config” and click the “I’ll be careful” button
- Find the setting “webgl.disabled” and set it to true
Google Chrome: To disable WebGL in Google Chrome you will need to:
- Right-click your Google Chrome shortcut or from your Windows menu on your desktop, click ‘properties’ and add “-disable-webgl” to the Target Shortcut box
Safe surfing folks!