
Microsoft delayed support for WebGL due to the fact Javascript could exploit driver weaknesses.

In the years that have passed since WebGL's adoption, are there any exploits of WebGL that support their original position?

makerofthings7
    Device fingerprinting first comes to mind. Second was some DoS. – Aria Aug 31 '16 at 19:50
  • There have been some implementation specific DoS and memory grabbing attacks in both Chrome's and Firefox's earlier implementations. – crovers Aug 31 '16 at 19:52
  • I seem to recall a possible glitch where it might have been possible to draw things from outside the browser to the canvas, and then access the pixel data via JavaScript. I don't have any links handy though. – Alexander O'Mara Aug 31 '16 at 20:08

1 Answer


Absolutely. Quite a few, in fact. A quick web search turned some up in just a few minutes. These are the CVEs with a link to further information from NIST, the description, and the CVSS score. They are all related to WebGL handling in various popular browsers. Note that these are all vulnerabilities, not exploits, as there is a significant difference. A vulnerability is a security bug, whereas an exploit is anything that actually takes advantage of said security bug. While I haven't looked for an actual exploit for these CVEs, the fact that there were vulnerabilities means an exploit is absolutely possible.

CVE-2017-5112 (8.8 base score)

Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVSSv3: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2016-2824 (8.8 base score)

The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.

CVSSv3: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2014-1502 (6.8 base score)

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.

CVSSv2: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2013-1729 (2.6 base score)

The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.

CVSSv2: AV:N/AC:H/Au:N/C:P/I:N/A:N

CVE-2012-3968 (10.0 base score)

Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.

CVSSv2: AV:N/AC:L/Au:N/C:C/I:C/A:C

forest