Microsoft Reveals Why They Included WebGL In IE11 Now

Intertnet Explorer 11

Dean Hachamovitch, the head of Internet Explorer team at Microsoft had an interview with TechRadar in which he discussed about including WebGL support in the upcoming Internet Explorer 11. Microsoft announced few years back that they will not include WebGL in IE due to security reasons, but Microsoft now believes that most of the security issues have been fixed.

“There is a very interesting security exploit that involved WebGL and Firefox for Mac; basically you went to a malicious site and it could read everything on your screen. It reads the Word document you have in another window. That’s a great example of the kind of security vulnerability we were concerned about.”

It wasn’t until the standard changed that he would consider it. “The WebGL specification now includes technology called CORS that effectively prevents image stealing attacks.”

The IE team also put in a lot of extra work to improve security. “We did a lot of analysis of vulnerabilities, we did threat modelling, and we have essentially a pre-screening stage. Think of it like SmartScreen for WebGL content; we screen WebGL content for dangerous and suspicious patterns.”

It’s also another way that IE relies on Windows. “Running WebGL on top of the latest DirectX technology provides additional security. On other devices and operating systems it’s possible to overwhelm the GPU and get all sorts of bad things happenning. On the DirectX architecture there is time-out detection and recovery. If you overwhelm the GPU, instead of taking down the whole system, it will just reset the GPU. So we feel we have defence in depth and, with the changes in the standard, that makes it safe to implement.”

He even discussed about WebRTC, Encrypted Media Extensions (EME), and others in the interview. Read it from the link below.

Source: Techradar

  • rjmlive

    Wording of your title is weird. “Microsoft reveals challenges in bringing WebGL to IE11” might have been better.

    If this was Engadget it might read, “Microsoft finally brings WebGL to IE11, enters modern browser war.”

    If this was the Verge, it might have been, “Microsoft seeking browser relevancy cites “security risks” slowed them down bringing WebGL to IE11.”

    If it was Ars, it might be, “Microsoft decides WebGL finally safe enough for IE11, better late than never.”
    I feel a big push for them to want to include it is because Here maps uses it, among many other things of course.

    • reKitab

      You’re dang right, lol!

    • Tips_y

      It’s just me of course but to my mind and I know it’s not your intention, but your suggested title connotes that MS found it difficult to bring WebGL support to IE, which connotes a lack of technical know-how and sophistication. But based on their announcement, they purposely excluded WebGL support because they thought it a security risk if included, not because it was difficult for them to support it in IE.

      For that reason, I prefer the present title because to me it sounds more neutral, weirdly phrased as it is.

  • Przemysław Lib

    “The WebGL specification now includes technology called CORS that effectively prevents image stealing attacks.”

    As you can see here its IMAGES vs WHOLE DESKTOP. Which suggest that either he lie on purpose, or have no idea what he talk about.