Dean Hachamovitch, the head of Internet Explorer team at Microsoft had an interview with TechRadar in which he discussed about including WebGL support in the upcoming Internet Explorer 11. Microsoft announced few years back that they will not include WebGL in IE due to security reasons, but Microsoft now believes that most of the security issues have been fixed.
“There is a very interesting security exploit that involved WebGL and Firefox for Mac; basically you went to a malicious site and it could read everything on your screen. It reads the Word document you have in another window. That’s a great example of the kind of security vulnerability we were concerned about.”
It wasn’t until the standard changed that he would consider it. “The WebGL specification now includes technology called CORS that effectively prevents image stealing attacks.”
The IE team also put in a lot of extra work to improve security. “We did a lot of analysis of vulnerabilities, we did threat modelling, and we have essentially a pre-screening stage. Think of it like SmartScreen for WebGL content; we screen WebGL content for dangerous and suspicious patterns.”
It’s also another way that IE relies on Windows. “Running WebGL on top of the latest DirectX technology provides additional security. On other devices and operating systems it’s possible to overwhelm the GPU and get all sorts of bad things happenning. On the DirectX architecture there is time-out detection and recovery. If you overwhelm the GPU, instead of taking down the whole system, it will just reset the GPU. So we feel we have defence in depth and, with the changes in the standard, that makes it safe to implement.”
He even discussed about WebRTC, Encrypted Media Extensions (EME), and others in the interview. Read it from the link below.