by kevingadd 885 days ago
Historically any time an attack surface as big as WebGPU has been exposed, "the worst you can do is crash the tab" has not ever been true.

Also note that for an unstable graphics driver, the way you usually crash the system is by touching memory you shouldn't (through the rendering API), which is definitely something that could be exploited by an attacker. It could also corrupt pages that later get flushed to disk and destroy data instead of just annoying you.

Though I am skeptical as to whether it would happen, security researchers have previously come up with some truly incredible browser exploit chains in the past, so I'm not writing it off.

1 comments

WebGL has been around for more than a decade and didn't turn out to be a security issue, other than occasionally crashing tabs. Neither will WebGPU be.

By exposing vulnerable graphics drivers to arbitrary web code, WebGL has allowed websites to take screenshots of your desktop (https://www.mozilla.org/en-US/security/advisories/mfsa2013-8...) and break out of virtual machines (https://blog.talosintelligence.com/nvidia-graphics-driver-vu...), to use two examples I found via a web search.