[exDM69]

This was a problem with WebGL a few years ago on some OS/GPU/Browser combinations. It was possible to write a WebGL app that created uninitialized textures, drew them on screen, grabbed a screenshot and then uploaded that via HTTP(s) to a server.

This issue should now be fixed, but bugs and/or old unpatched browsers may still be out there.

[greggman]

That browsers have bugs that might leak info is not special to WebGL or GPUs. The bugs are found, they get fixed.

[exDM69]

Oh sure, but in this particular case it seemed like no-one had thought about the issue that uninitialized textures can be used for snooping screen content, this wasn't mandated by the spec (IIRC).