Skip navigation

Microsoft Issues Warning About WebGL, a Feature of Firefox and Chrome

The Microsoft Security Research & Defense team this week issued a serious warning about WebGL, a web browser technology that is supported by both Mozilla Firefox and Google Chrome. And they’re not screwing around.

Our analysis has led us to conclude that Microsoft products supporting WebGL would have difficulty passing Microsoft’s Security Development Lifecycle requirements. Some key concerns include:

Browser support for WebGL directly exposes hardware functionality to the web in a way that we consider to be overly permissive

Browser support for WebGL security servicing responsibility relies too heavily on third parties to secure the web experience

Problematic system DoS scenarios

We believe that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities. In its current form, WebGL is not a technology Microsoft can endorse from a security perspective.

Yikes. Well, there you go.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.