Google and Mozilla close WebGL vulnerabilities
As already known , some time ago, Microsoft called WebGL technology unsafe , so the corporation refused to work towards introducing technology into its products. Google and Mozilla, the main developers of the Khronos consortium, to reassure the developers, said that the devil is not so bad as it is painted, and in general, if there are problems, they will be quickly fixed. The Mozilla guys generally made a knight's move, hitting Silverlight, finding a similar vulnerability there. Microsoft recognized a bug that could cause a denial of service, and began work to eliminate the hole.
In the meantime, Google and Mozilla have been working hard to solve WebGL problems. The company's engineers could not completely eliminate the vulnerability, retaining the functionality, so fixes and limitations that correct the vulnerability to the loading of cross-domain content can adversely affect applications that use this technology. As a solution to the problem, Khronos proposed using the draft specification of the CORS World Wide Web Consortium, which allows the use of an API that works with content from different sources to apply it in texture loading.
Thus, Mozilla was the first to close a vulnerability in Firefox 5 (Mozilla solved this problem even before the Microsoft message trivially disabled functionality), Google introduced a fix in Chromium 13 with a functional solution, and the entire working group fixed the specification according to security policies and the proposal for developers to use CORS.
Based on Chromium Blog , H-Open , ConceivablyTech .
In the meantime, Google and Mozilla have been working hard to solve WebGL problems. The company's engineers could not completely eliminate the vulnerability, retaining the functionality, so fixes and limitations that correct the vulnerability to the loading of cross-domain content can adversely affect applications that use this technology. As a solution to the problem, Khronos proposed using the draft specification of the CORS World Wide Web Consortium, which allows the use of an API that works with content from different sources to apply it in texture loading.
Thus, Mozilla was the first to close a vulnerability in Firefox 5 (Mozilla solved this problem even before the Microsoft message trivially disabled functionality), Google introduced a fix in Chromium 13 with a functional solution, and the entire working group fixed the specification according to security policies and the proposal for developers to use CORS.
Based on Chromium Blog , H-Open , ConceivablyTech .
')
Source: https://habr.com/ru/post/123679/
All Articles