[jameskilton]

I thought the article was pretty clear. It's not a browser security problem, but the fact that WebGL exposes the ability for malicious code to attack bugs and issues with graphics drivers (of which there are many).

For those that don't know, WebGL follows the OpenGL ES 2.0 spec, which doesn't have a fixed function pipeline. This means that you're doing two things: defining vertex information in buffers that get sent to the graphics card, and then writing shader programs to define how those vertices are rendered. IIRC It's the shader programs and how the drivers work with sending these programs to the cards that are the biggest issue (you are writing code that gets compiled and runs directly on the hardware).

Given that the Windows 8 preview made such a huge mention of HTML5 / JS / CSS for making desktop apps, I don't think competition w/ DirectX is a part of the issue here.

Add to the article that there are already a significant number of research attacks using WebGL to take full control of a computer, I have to say that MS isn't crazy and in this case has a pretty good hold on things.