How to block Firefox and Chrome WebGL execution

A WebGL 3D rendering security flaw has been found in Firefox and Google Chrome browsers. Security researchers recommend users turn off WebGL. WebGL displays 3D graphics in browsers. The flaw is proof of concept in that security researchers identified a low level back door graphics card (GPU) hacking opportunity.

WebGL script, the WebGL component (including API) could be used to upload a malicious WebGL script to a graphics card and disable a PC. This would only work if the graphics driver wasn’t patched with the latest version. Note: Apple Safari doesn’t have WebGL on as default but is used in smartphones. Yikes! 🙁 Let’s hope mobile browser developers consider plugging the hole.

Firefox: For added browser security I like to use NoScript (created by Giorgio Maone). NoScript addon provides WebGL blocking support when Javascript is not allowed. You will need to check “”NoScript Options|Embedding|Forbid WebGL”, and allowed per-site by clicking on a placeholder of the blocked canvas or by using the “Blocked objects…” menu. It’s not for novices I’m afraid but if you are prepared to learn, it will be worth your time. 🙂

Alternatively, if you are a brave person you can attempt this with Firefox:

  • Type into the URL bar “about:config” and click the “I’ll be careful” button
  • Find the setting “webgl.disabled” and set it to true

Google Chrome: To disable WebGL in Google Chrome you will need to:

  • Right-click your Google Chrome shortcut or from your Windows menu on your desktop, click ‘properties’ and add “-disable-webgl” to the Target Shortcut box

Safe surfing folks!

This entry was posted in browser and tagged , . Bookmark the permalink.

2 Responses to How to block Firefox and Chrome WebGL execution

  1. Dale Phurrough says:

    The Google Chrome steps are incomplete and I know of no workaround. This only disables WebGL if you launch Chrome from those icons/shortcuts. If you instead launch Chrome by opening a favorite, url shortcut, link within another document (email, pdf, word, etc.), it will launch Chrome from settings in the Windows registry and therefore NOT see the command line flag. It will unfortunately launch with WebGL support.

    No known fix.

  2. James Mashele says:

    This advice is well intentioned but the problem usually is that FF goes loco and needs to be uninstalled and discarded. I use the Search function to find all the “missed” bits and CCleaner to clear the rest of the Registry. Then I dl and install the latest FF version. An’ then I gotta find, research an’ re-learn all these werry helpful hints every time FF develops a need to suicide. In short, it’s unstable over an extended period.

    And there is no way to save any settings for future usage.

    The cycle operates over three – four month an’ I got better things to do than nurse these hissy fits.

    Nine months ago I reformatted my XPOS and reinstalled all my favourite apps in order to extend the life of the laptop for another few years. I musta done a good job ‘cos I’ve had zero issues with any other software. Sadly, IE8 is, for security reasons, no longer a viable option and being experienced with TBB opted for FF.

    This search for a no-fuss browser which can use NoScript and ADBlock is frustrating an’ boring. I’d love an updated version of IE8 for XP which doesn’t require the “usual” add-ons which FF apparently needs to make it halfway decent, but Microsoft refuses to see these matters my way.

    And while I’m doing this leetle rant can/will someone recommend a e-mail manager which will link to gmail an’ hotmail – please!

    I’ll check back again, soonest!
    Thankee for y’alls attention…

Leave a Reply

Your email address will not be published. Required fields are marked *