The webgl standard has rather strong memory safety considerations:
WebGL resources such as textures and vertex buffer objects (VBOs) must always contain initialized data, even if they were created without initial user data values.[0]
As long as browser vendors implement this (and chrome and firefox seem to), this should not be an issue.
This was a problem with WebGL a few years ago on some OS/GPU/Browser combinations. It was possible to write a WebGL app that created uninitialized textures, drew them on screen, grabbed a screenshot and then uploaded that via HTTP(s) to a server.
This issue should now be fixed, but bugs and/or old unpatched browsers may still be out there.
Oh sure, but in this particular case it seemed like no-one had thought about the issue that uninitialized textures can be used for snooping screen content, this wasn't mandated by the spec (IIRC).
Howeverm we did not test on any other browser technologies like flash or java. I cannot guarantee that there is no possibility to access any VRAM from within a browser.
WebGL resources such as textures and vertex buffer objects (VBOs) must always contain initialized data, even if they were created without initial user data values.[0]
As long as browser vendors implement this (and chrome and firefox seem to), this should not be an issue.
[0] https://www.khronos.org/registry/webgl/specs/1.0.3/