Context discovers security flaws in WebGL technology

Released in March of this year, WebGL is gaining ground in online gamer communities, Infosecurity notes, as it allows 3D graphics to render within the browser as quickly as hardware-accelerated PC games and applications.

Context reports that design-level security issues give potentially malicious web pages low-level access to graphics cards that could provide a 'back door' for hackers and compromise data stored on internet-connected machines.

According to the security firm, WebGL is currently supported on Linux, OS X and Windows operating systems, using the Firefox 4, Safari and Google Chrome browsers. In addition to desktops and notebooks, WebGL is also being adopted for use in other devices including smartphones, and is rapidly increasing in popularity.

Michael Jordan, the firm's research and development manager, says that the security risks stem from the fact that most graphics cards and drivers have not been written with security in mind.

This means, he explains, that the application programming interface (API) they expose assumes that the applications are trusted.

"While this may be true for local applications, the use of WebGL-enabled browser-based applications with certain graphics cards now poses serious threats from breaking the cross domain security principle to denial of service attacks, potentially leading to full exploitation of a user's machine", he says.

"We think it is important to raise awareness of this issue before WebGL becomes more widely adopted because this is not an implementation problem, but is down largely to the WebGL specification, which is inherently insecure", he adds.

Jordan went on to say that, in the short term, individual end users or IT departments can avoid potential problems by simply disabling WebGL within their browsers.
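To confirm that disabling WebGL in a browser actually took effect, the following check (an added example, not code from the article or from Context) asks the browser for a WebGL context and, where one is available, reads the renderer string that the real `WEBGL_debug_renderer_info` extension exposes; the `doc` parameter lets it run against any document object.

```javascript
// Added check: report whether a browser exposes a WebGL rendering context.
// Run it in the browser console, or call webglStatus(document) from a page,
// after disabling WebGL to verify that the setting is really in force.
// 'webgl' and 'experimental-webgl' are the real context ids used by browsers.
function webglStatus(doc) {
  const canvas = doc.createElement('canvas');
  for (const name of ['webgl', 'experimental-webgl']) {
    let ctx = null;
    try {
      ctx = canvas.getContext(name);
    } catch (e) {
      // Some builds throw instead of returning null when WebGL is disabled.
      ctx = null;
    }
    if (!ctx) continue;
    // Renderer string (GPU/driver) is only available via the debug extension,
    // which a browser may refuse to expose; treat that as "unknown".
    let renderer = null;
    try {
      const ext = ctx.getExtension('WEBGL_debug_renderer_info');
      if (ext) renderer = ctx.getParameter(ext.UNMASKED_RENDERER_WEBGL);
    } catch (e) {
      renderer = null;
    }
    return { enabled: true, context: name, renderer: renderer };
  }
  return { enabled: false, context: null, renderer: null };
}

// Stand-alone use inside a browser page; skipped when no document exists.
if (typeof document !== 'undefined') {
  console.log(webglStatus(document));
}
```

An `enabled: false` result after the change is the expected outcome; `enabled: true` means the browser still hands pages a GPU context.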

The only long term solution, he notes, is for the developers of WebGL itself to ensure that the specification is designed and tested to prevent these types of risks.