Chrome and Firefox users warned to turn off WebGL

Nicole Kobie May 11, 2011

Firefox and Chrome users are being warned to turn off a 3D rendering tool in their browsers following “significant” security problems.

Chrome and Firefox users warned to turn off WebGL

Part of the HTML5 Canvas functionality, WebGL is a rendering engine that allows 3D images and animations without plugins. It is used in the latest versions of Chrome and Firefox, as well as the newest builds of Safari.

Security firm Context warned that the specification is “inherently insecure”.

“The risks stem from the fact that most graphics cards and drivers have not been written with security in mind so that the interface (API) they expose assumes that the applications are trusted,” says Michael Jordon, research and development Manager at Context.

“While this may be true for local applications, the use of WebGL-enabled browser-based applications with certain graphics cards now poses serious threats from breaking the cross-domain security principle to denial-of-service attacks, potentially leading to full exploitation of a user’s machine.”

Those concerns with WebGL have been backed by the US Computer Emergency Readiness Team (CERT), the federal government’s cybersecurity advisor. US CERT warned that WebGL contains “multiple significant security issues”, and advised users to turn it off.

“The impact of these issues includes arbitrary code execution, denial-of-service, and cross-domain attacks,” US CERT said, warning users to “disable WebGL to help mitigate the risks”.

How to turn off WebGL

Here’s how to turn off WebGL (thanks to TechDows for the instructions).

In Chrome:

  • right click on the Chrome shortcut
  • click properties
  • type -disable-webgl into the target field after the Chrome.exe line (…chrome.exe -disable-webgl)
  • click apply

How to turn off WebGL in Firefox 4:

  • type “about:config” into the address bar
  • agree to the “here be dragons” warning message
  • type “webgl” into the Filter field
  • double click “webgl.disable” so the value changes to “true”
  • retstart the browser

We’re still waiting on confirmation from Google and Mozilla on whether disabling WebGL in these ways will be sufficient protection.

Related Posts

Twitch won't load in chrome or firefoxHow to Fix Twitch Not Loading in Chrome or Firefox How to Go Incognito in Google Chrome, Mozilla Firefox, and Safari How to Enable JavaScript in Google Chrome, Firefox, Microsoft Edge, and Safari How to Change Your Location in Firefox How To Turn Off Dark Mode in Google Chrome The best vpn for firefoxBest VPN for Firefox How to Find and Unfollow Instagram Users Who Don’t Follow You Back How to Import Passwords into Google Chrome Using a CSV File How to Disable Pop-Up BlockerHow to Disable Pop-Up Blocker in Google Chrome, Safari, and Edge
Send Email

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.

You may also like
Connecting two AirPods to a Windows PC or Mac
How to Connect Two AirPods to a Mac or Windows PC

Lee Stanton March 14, 2024

A-Full-List-of-Command-Prompt-Commands
The Full List of Command Prompt Commands

Digvijay Kumar March 8, 2024

EA App Game Is Already Running
How to Fix EA App Game Is Already Running Issue

Aman Kumar March 7, 2024

Send To Someone

Missing Device