14 DAY TRIAL // Google will disable cross-domain WebGL resources in the next version of its Chrome browser because of security issues with the feature.
Back in May, a consultancy company called Context Information Security has identified several vulnerabilities in the WebGL technology.
One of the issues was the cross-domain theft of images when used as WebGL textures, the company providing a proof-of-concept exploit for this type of attack.
The Khronos Group which develops WebGL, has started to update the specification in order to address the problem, but in the meantime, Mozilla disabled support for cross-domain WebGL textures in Firefox 5.
Google has now followed suit, however it provided an alternative for developers requiring this functionality.
"As a result, Chrome 13 (and Firefox 5) will no longer allow cross-domain media as a WebGL texture. The default behavior will be a DOM_SECURITY_ERR.
"However, applications may still utilize images and videos from another domain with the cooperation of the server hosting the media, otherwise known as CORS," the Chrome developers wrote.
CORS, short for cross-origin resource sharing, is a mechanism that enables cross-origin requests. This allows webmasters to use cross-origin resources only if the resource owners agree.
A new attribute called .crossOrigin has been implemented in WebKit for MediaElements and can be used to request permission to use a resource.
However, the downside is that the owner of the resource needs to specifically allow its use via CORS and there are already WebGL projects that make use of cross-domain resources.
Google has been working with large media hosting websites like Flickr to enable CORS, but this will take time and some content will likely break in Chrome 13 because of the change.
Microsoft took advantage of these WebGL issues last month in order to dismiss the technology as a security risk. This has attracted criticism from a lot of people who consider that the company is two-faced because the version of Silverlight faces the same fundamental problems.