[Ruudjah]

Every new web technology will be littered with security vulnerabilities. That's inherent to new technologies. The article does not make it clear for me what _inherent_ problems exist with regarding to security and WebGL.

Web workers can be silently used for data crunching. WebSockets can be used for DDoS attacks. CSS visited links could be used to know what history you have. But as the web progresses, these problems will be smoothed out. As such, the security problems with WebGL probably will be solved too.

Is it very far fetched to think Microsoft sees WebGL as a big threat to their Xbox/PC gaming/DirectX/Silverlight establishment?

[jameskilton]

I thought the article was pretty clear. It's not a browser security problem, but the fact that WebGL exposes the ability for malicious code to attack bugs and issues with graphics drivers (of which there are many).

For those that don't know, WebGL follows the OpenGL ES 2.0 spec, which doesn't have a fixed function pipeline. This means that you're doing two things: defining vertex information in buffers that get sent to the graphics card, and then writing shader programs to define how those vertices are rendered. IIRC It's the shader programs and how the drivers work with sending these programs to the cards that are the biggest issue (you are writing code that gets compiled and runs directly on the hardware).

Given that the Windows 8 preview made such a huge mention of HTML5 / JS / CSS for making desktop apps, I don't think competition w/ DirectX is a part of the issue here.

Add to the article that there are already a significant number of research attacks using WebGL to take full control of a computer, I have to say that MS isn't crazy and in this case has a pretty good hold on things.