The UK security firm Context (with support from the US Computer Emergency Readiness Team (CERT) ) believes that the WebGL feature should be disabled after learning of a security threat that allows a code to be planted directly into a computer’s GPU.
The extent of the attack can vary depending on the attacker; some attacks can be a simple denial of service attack and others can be more severe with the additional use of HTML5 Canvas. As a result of these vulnerabilities Context believes that WebGL is not ready for mass usage and should be disabled in web browsers.
Source – Contextis
COMMENTS