Your one-stop web resource providing safety and security information to manufacturers

Google Chrome developers, with help from Adobe, improved the sandboxing of the browser’s Flash plugin.

To enable the improved sandboxing, the developers ported the Flash player plugin from the older Netscape Plugin API (NPAPI) to Google’s Pepper Plugin API (PPAPI) architecture, which they developed especially to allow the implementation of advanced features such as sandboxing and hardware graphics acceleration. These improvements are now defaults in the Windows version of the browser.

Apple Fills Safari Holes
Mozilla Closes Platform Holes
Browser Update: Advantage Bad Guys
Privacy Issues with Firefox Tabs

Porting the plugin to the Pepper API from the older NPAPI architecture enabled developers to make the changes to improve the sandboxing of the Flash plugin, officials said in a post on the official Chromium blog. The capabilities of NPAPI reached a point that “hamstrung future improvements.” Using the Pepper API, the Flash plugin has similar protection to tabs and plugins isolated using Chrome’s native sandbox.

Google says that this protection is “dramatically more robust than anything else available,” especially as Flash does not implement Address Space Layout Randomization (ASLR). Google said since the stable Chrome update, all Windows users, including those using Windows XP, now benefit from the new capabilities.

Cyber Security

The Linux version of Chrome with bundled Flash has been using the new API since the release of Chrome 20 and support for Mac OS X will “ship soon”, Google said.

Pin It on Pinterest

Share This