Posted May 26, 2011 2:18 UTC (Thu) by jimparis
Parent article: WebGL vulnerabilities
Shaders are written to handle the complexities of the graphics to be rendered, and the libraries and drivers turn those programs into the proper form for the GPU(s) in the hardware.
Essentially it means that malicious web sites can craft semi-arbitrary programs to run on the hardware of the user.
That kind of denial of service could be extremely annoying to users, but doesn't really directly impact the security of the desktop.
Running arbitrary shaders can be a HUGE security hole. The Xbox 360 GPU features the MEMEXPORT function that allows a shader to write arbitrary values to system memory! That's how the first xbox 360 exploit (so-called "king kong exploit") worked.
to post comments)