Google did mentioned about WebGL in their just-concluded Google I/O 2011 event, but a UK security firm has quickly found a flaw about this new standard. Context has suggested that users should disable the feature because it poses a serious security threat, and the US Computer Emergency Readiness Team (CERT) is encouraging people to heed that advice. That doesn’t sound like good news for Google.

According to Context, a malicious site could pass code directly to a computer’s GPU and trigger a denial of service attack or simply crash the machine. WebGL and the Canvas element can also be used to pull image data from another domain, which could then be used as part of a more elaborate attack.

However Khronos, the group that organizes the standard, defended WebGL by pointing out that there is an extension available to graphics card manufacturers that can detect and protect against DoS attacks, but it did little to satisfy Context — the firm argues that inherent flaws in the design of WebGL make it very difficult to secure, and that WebGL should be safe to use by itself from the very beginning.

However, do note that WebGL won’t run on many Intel and ATI graphics chips (you can check by clicking here), meaning to say that this may affect fewer people than expected. But of course, if you want to be cautious, then you can find instructions for disabling WebGL at the source link below.

[Context via The Register]