Firefox and Chrome WebGL poses "multiple significant security issues"

Firefox 4 and Chrome users could be leaving their PCs open for exploits as a result of the "inherently insecure" specification of the WebGL web standard.

WebGL was developed by the Khronos Group, which oversees the OpenGL graphics technologies, who signed up a bunch of companies including Apple, Google, Mozilla and Opera to help develop the best code in order to make the web more 3D friendly.

However, concerns have now been raised about how secure the standard is, given that it works in tandem with GPUs - an area that doesn't have security at its forefront.

The US federal government's cyber-security advisor, US CERT, has warned that WebGL contains "multiple significant security issues" and advised users to switch it off.

"The impact of these issues includes arbitrary code execution, denial-of-service, and cross-domain attacks," it said.

Michael Jordon, research and development Manager at security firm Context explained: "The risks stem from the fact that most graphics cards and drivers have not been written with security in mind so that the interface (API) they expose assumes that the applications are trusted.

"While this may be true for local applications, the use of WebGL-enabled browser-based applications with certain graphics cards now poses serious threats from breaking the cross-domain security principle to denial-of-service attacks, potentially leading to full exploitation of a user’s machine."

The Khronos Group has admitted that there are issues that need to be ironed out in the new standard and has stressed that it is working with GPU manufacturers to make them realise they now need to be security concious.

That won't help anyone now though presumably, so our advice is to turn the function off within your browser. A quick Google search provides plenty of step-by-step directions.