Firefox, Chrome, Opera & Safari users beaware

Glenn · May 11, 2011, 17:04:05

The US Computer Emergency Readiness Team is advising users of the Mozilla Firefox and Google Chrome browsers to disable a recently added graphics engine that can be exploited to take control of end user computers.

The web standard known as WebGL opens the browsers to serious attacks, including the remote execution of malicious code, independent research consultancy Context Information Security recently warned. The technology made its debut in version 9 of Chrome and was added to the recently released Firefox 4. WebGL is also present in builds of Opera and Apple's Safari.

http://www.theregister.co.uk/2011/05/11/chrome_firefox_security_threat/

Technical Ben · May 11, 2011, 17:23:08

More plugins external to HTML with vulnerabilities? Did ActiveX teach them nothing?

Rik · May 11, 2011, 17:41:09

Apparently not, Ben. Makes you despair, doesn't it.

Steve · May 11, 2011, 18:41:02

All browsers are dangerous, read a book or a newspaper.

It's all getting bloody ridiculous,they'll be saying smoking's dangerous soon.

Rik · May 11, 2011, 18:41:53

I can remember a time when doctors thought it was beneficial, Steve.

gizmo71 · May 11, 2011, 18:44:26

Quote from: Rik on May 11, 2011, 18:41:53
I can remember a time when doctors thought it was beneficial, Steve.

Red wine still is though, isn't it?

Steve · May 11, 2011, 18:45:44

Today yes, tomorrow who knows.

Rik · May 11, 2011, 18:51:23

The next academic looking to make their name with some dubious piece of research.

Steve · May 11, 2011, 18:52:58

Back to topic at least with Safari you have to enable it whereas as with FF4 and Chrome it's enabled by default I believe .

Rik · May 11, 2011, 18:54:09

There speaks a Mac convert.

DorsetBoy · May 11, 2011, 19:10:56

WebGL is NOT in the current stable release of Opera despite what they say here, there is a preview release available of Opera/WebGL but you have nothing to worry about unless you have downloaded this preview.

Why are developers using this system in any browser when there have been flaws known and warnings previously given?

Technical Ben · May 11, 2011, 20:31:03

Quote from: gizmo71 on May 11, 2011, 18:44:26
Red wine still is though, isn't it?

Depends if you remember to take it out of the bottle before trying to consume it.

Lance · May 11, 2011, 22:42:17

Time to start using IE 9!!!

esh · May 11, 2011, 23:26:22

Internet identified as security threat. Lock up your computers! News at 11.

Den · May 12, 2011, 07:30:09

Quote from: Lance on May 11, 2011, 22:42:17
Time to start using IE 9!!!

Steve · May 12, 2011, 07:38:48

If anyone wants to see some WebGL here's a few examples - http://www.chromeexperiments.com/webgl/ I can confirm it's no go with Safari but they do work on FF4 and Chrome.

If you wish to disable it

"In Firefox 4, type "about:config" (minus the quotes) into the address bar and set webgl.disabled to true. In Chrome, get to the command line of your operating system and add the --disable-webgl flag to the Chrome command. On a Windows machine, the command line would be "chrome.exe --disable-webgl".

http://www.theregister.co.uk/2011/05/11/chrome_firefox_security_threat/

gizmo71 · May 12, 2011, 10:23:09

I explicitly turned it off in FireFox, but their example page didn't work before I did that, which suggests they aren't as clever as they think they are.

Reading the details of the exploit it's pretty noddy stuff, not good but hardly a full on remote code execution issue.

Flash is far more scary!

Gary · May 12, 2011, 18:54:22

Quote from: Steve on May 11, 2011, 18:52:58
Back to topic at least with Safari you have to enable it whereas as with FF4 and Chrome it's enabled by default I believe .

Very true, shame Safari was the first browser to fall in the pwn2own contest though

Technical Ben · May 12, 2011, 21:50:57

Quote from: Lance on May 11, 2011, 22:42:17
Time to start using IE 9!!!

IE 10 must be the safest so far though right?