Hacker News new | past | comments | ask | show | jobs | submit login

Not really, that is not the problem of WebGPU. The worst you can do is crash the tab. With an unstable graphics driver, there might even be the option to crash the system but that's hardly a security issue, only an annoyance.



Historically any time an attack surface as big as WebGPU has been exposed, "the worst you can do is crash the tab" has not ever been true.

Also note that for an unstable graphics driver, the way you usually crash the system is by touching memory you shouldn't (through the rendering API), which is definitely something that could be exploited by an attacker. It could also corrupt pages that later get flushed to disk and destroy data instead of just annoy you.

Though I am skeptical as to whether it would happen, security researchers have previously come up with some truly incredible browser exploit chains in the past, so I'm not writing it off.


WebGL has been around for more than a decade and didn't turn out to be a security issue, other than occasionally crashing tabs. Neither will WebGPU be.


By exposing vulnerable graphics drivers to arbitrary web code, WebGL has allowed websites to take screenshots of your desktop (https://www.mozilla.org/en-US/security/advisories/mfsa2013-8...) and break out of virtual machines (https://blog.talosintelligence.com/nvidia-graphics-driver-vu...), to use two examples I found via a web search.


Very curious what you see as the problems with WebGPU currently. I’ve been tinkering with it slowly as it has a bit of a learning curve.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: