3D Graphics APIs must be disabled

Part of DTBC0019 - Disable 3D Graphics APIs

SV-47054r1_rule 3D Graphics APIs must be disabled

Vulnerability discussion

"Disable support for 3D graphics APIs. Enabling this setting prevents web pages from accessing the graphics processing unit (GPU). Specifically, web pages can not access the WebGL API and plugins can not use the Pepper 3D API. Disabling this setting or leaving it not set potentially allows web pages to use the WebGL API and plugins to use the Pepper 3D API. The default settings of the browser may still require command line arguments to be passed in order to use these APIs." - Google Chrome Administrators Policy ListChrome uses WebGL to render graphics using the GPU. There are few sites that currently take advantage of this feature. Since there is unlikely to be an operational impact, it is recommended that this feature is turned off in order to reduce the attack surface.

Check content

Fix text

Valid for Chrome Browser version 9 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ Value Name: Disable3DAPIs Value Type: Boolean (REG_DWORD) Value Data: 1 Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Disable support for 3D graphics APIs Policy State: Enabled Policy Value: N/A

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.