> That's the problem. We aren't even sure what attacks exist against the graphics stack
That could be an argument against new JavaScript JITs, too, or new video codecs. But we add those to browsers all the time, because they are important. So is being able to render 3D, I would argue.
Furthermore, of course we have an idea of the risks here, and the ways to prevent them. A huge amount of effort has gone into that, but in speccing WebGL and in implementing it, and in collaboration with GL driver vendors. And security experts have been poking at GL and WebGL for a while, just like they poke at JS engines and video codecs.
Yes, it is an argument against JITs. For a little while, OS builders were making progress on mitigation techniques, then the browsers all got together and decided it would be cool to allow attackers more control over the executable parts of the address space.
I do care about speed and 3D. But I don't think the web needs to be the delivery mechanism for all software. 900 years ago, they compiled Thunderbird once and everybody downloaded and used it. Now, every individual end user compiles gmail on a daily basis. The SaaS model has a lot of advantages. It has disadvantages too. I'm ok with only a subset of all potential programs being viable in a SaaS model.
In particular, I think allowing malicious people to run programs on your computer by default because, hey it's safe in the sandbox, is a terrible idea.
That could be an argument against new JavaScript JITs, too, or new video codecs. But we add those to browsers all the time, because they are important. So is being able to render 3D, I would argue.
Furthermore, of course we have an idea of the risks here, and the ways to prevent them. A huge amount of effort has gone into that, but in speccing WebGL and in implementing it, and in collaboration with GL driver vendors. And security experts have been poking at GL and WebGL for a while, just like they poke at JS engines and video codecs.