WebGL is a cross-platform 3D graphics API for the web that is being adopted by the likes of Chrome, Firefox, Safari, and Opera in order to usher in next-gen graphics intensive web applications. However, one major browser vendor has decided to distance itself from the pack, and has announced that it won’t be supporting WebGL. No points for guessing who that browser vendor is. It is none other than Microsoft.
Microsoft has a terrible track record when it comes to adopting new standards. They have been trying to turn a new leaf, but there have been several missteps along the way. They also happen to be the folks behind DirectX, the main competitor of OpenGL, which forms the basis for WebGL. So, its not all that surprising that Microsoft has decided to diss WebGL. However, before the knives come out, Microsoft might actually be right for a change.
Microsoft’s objection is based on the fact that WebGL, in spite of claims to the contrary by the Khronos Group, isn’t really secure. Microsoft explained the technicalities behind its objections in a fair amount of detail in its TechNet blog post. The three main points raised by Microsoft are:
- WebGL provides low-level hardware access in a way that is overly permissive.
- Even security procedures put in place can be circumvented due to the presence of vulnerabilities in the graphics driver. The onus for ensuring security will fall on the driver manufacturers and not on the browser or operating system vendor. Users rarely update their hardware drivers; and even the manufactures themselves aren’t accustomed to releasing frequent and quick security updates.
- Modern operating systems and graphics infrastructure were never designed to fully defend against attacker-supplied shaders and geometry. It might become possible for hackers to crash and reboot systems at will by supplying malformed data.
Microsoft believes that WebGL will likely become an ongoing source of hard-to-fix vulnerabilities, and this is a concern that has been raised before by third parties. WebGL is an exciting piece of technology. It is also something that is required to push the boundaries of what can be done within a web app. Microsoft might be playing spoil sport; however, with the current design flaws in WebGL, Microsoft’s stance also makes a lot of sense. Let’s hope that the Khronos Group will manage to find a way to assuage the concerns surrounding WebGL.