So why did Microsoft add WebGL support in IE11?

In June 2011, Microsoft decided not to add support for the WebGL API in Internet Explorer, due to security concerns. Now that stance has changed, as the preview version of IE11 finally adds support for WebGL. But what made Microsoft change their stance on the API in the first place?

In a chat with TechRadar, the head of the IE team at Microsoft, Dean Hachamovitch, said that one of the security concerns for WebGL was an exploit found in its use for Firefox on the Mac. That exploit would allow hackers to view anything on the screen of a Firefox user if they surfed to a malicious website. Since then, the WebGL standard has been changed so that issue has been fixed.

Hachamovitch also said that the IE team has made some security improvements on its own for WebGL to run on IE11. He stated:

Running WebGL on top of the latest DirectX technology provides additional security. On other devices and operating systems it's possible to overwhelm the GPU and get all sorts of bad things happening. On the DirectX architecture there is time-out detection and recovery. If you overwhelm the GPU, instead of taking down the whole system, it will just reset the GPU. So we feel we have defense in depth and, with the changes in the standard, that makes it safe to implement.

The addition of WebGL in IE11 should be a welcome one for not just its users but also for website developers, who can now support Microsoft's web browser with more features similar to those found in sites made for Firefox and Chrome.

Source: TechRadar | Image via Microsoft

Report a problem with article
Previous Story

Rumor: Lenovo to launch 1080p quad-core Windows Phone in 2013?

Next Story

New Xbox One info from Comic-Con; scanning player's face into games via Kinect

14 Comments

Commenting is disabled on this article.

Are the things missing form IE11 actually signed off? Don't expect Microsoft to implement standards that are still pending.

Riva said,
Are the things missing form IE11 actually signed off? Don't expect Microsoft to implement standards that are still pending.

But I need to play slow and crashy html5 webgames prototypes, now!!!

IE on the Windows 8.1 Preview gets a score of 71.5% when running the khronos test suite.

I've run into loads of problems with webgl content out there but it's hard to say exactly why.

Microsoft is the only company that doesn't implement not fully fleshed out features in its web browser, with good reason. Always good to have one company that will apply the brakes to make sure everything is up to snuff.

dagamer34 said,
Microsoft is the only company that doesn't implement not fully fleshed out features in its web browser, with good reason. Always good to have one company that will apply the brakes to make sure everything is up to snuff.
Safari's not doing so well these days either. They may be doing okay with the CSS features, but they are falling far behind on both speed and supported complete APIs (but a ton of the webkit prefixed versions, such as Audio).

Interestingly enough, Microsoft's turn-around on WebGL does not really solve the initial claim that they made about not supporting WebGL: video driver exploitation could create new vulnerabilities outside of the browser's sandbox. It does provide a bit of obfuscation as you are kind of sandboxed into DirectX, but I do not think that's really much of a safety net.

I do think that it was a smart move to wait to support it, and it was also smart to support it now as cool web features (mostly 3D mapping) are starting to mature (e.g., here.com and now maps.google.com's beta).

pickypg said,
Interestingly enough, Microsoft's turn-around on WebGL does not really solve the initial claim that they made about not supporting WebGL: video driver exploitation could create new vulnerabilities outside of the browser's sandbox. It does provide a bit of obfuscation as you are kind of sandboxed into DirectX, but I do not think that's really much of a safety net.

Microsoft also security audit all the graphics card drivers, so while it doesn't completely remove the chance of exploits happening, it does reduce the risks somewhat.

Basically the reverse of Valve's togl layer used on their Linux/Mac ports of the Source engine.

Neat I guess, translation doesn't incur a huge penalty, Microsoft get to retain their corporate pride, and web developers get broad usage of the spec. Everyone wins.