Good News: Chrome Now Sandboxes Flash
Posted: Sun Dec 05, 2010 9:38 pmGood News: Chrome Now Sandboxes Flash for More Secure Browsing
Adobe Flash Player is now sandboxed in the latest dev channel release of Google Chrome, bringing a huge security benefit to Chrome users. Here's why:
You'll hear a lot of Flash bashing on the internet, and while we're not as down on Flash as some (it has its flaws, but it's also been instrumental in shaping many of the things we love about the web), perhaps Flash's biggest flaw lies in security—or lack thereof. Flash is a common in-road for hackers aiming to execute malicious code in browsers. In a broad nutshell, sandboxing Flash means that this malicious code will have limited access to your system, and will be considerably less able to achieve its goal. From Google's Chromium releases blog:
This initial Flash Player sandbox is an important milestone in making Chrome even safer. In particular, users of Windows XP will see a major security benefit, as Chrome is currently the only browser on the XP platform that runs Flash Player in a sandbox. This first iteration of Chrome's Flash Player sandbox for all Windows platforms uses a modified version of Chrome's existing sandbox technology that protects certain sensitive resources from being accessed by malicious code, while allowing applications to use less sensitive ones. This implementation is a significant first step in further reducing the potential attack surface of the browser and protecting users against common malware.
Google notes that this initial sandboxing is just a start, and that they're still working to improve its effectiveness. Currently Flash sandboxing is only available on the dev channel for Windows, but they're planning to support all platforms eventually
Adobe Flash Player is now sandboxed in the latest dev channel release of Google Chrome, bringing a huge security benefit to Chrome users. Here's why:
You'll hear a lot of Flash bashing on the internet, and while we're not as down on Flash as some (it has its flaws, but it's also been instrumental in shaping many of the things we love about the web), perhaps Flash's biggest flaw lies in security—or lack thereof. Flash is a common in-road for hackers aiming to execute malicious code in browsers. In a broad nutshell, sandboxing Flash means that this malicious code will have limited access to your system, and will be considerably less able to achieve its goal. From Google's Chromium releases blog:
This initial Flash Player sandbox is an important milestone in making Chrome even safer. In particular, users of Windows XP will see a major security benefit, as Chrome is currently the only browser on the XP platform that runs Flash Player in a sandbox. This first iteration of Chrome's Flash Player sandbox for all Windows platforms uses a modified version of Chrome's existing sandbox technology that protects certain sensitive resources from being accessed by malicious code, while allowing applications to use less sensitive ones. This implementation is a significant first step in further reducing the potential attack surface of the browser and protecting users against common malware.
Google notes that this initial sandboxing is just a start, and that they're still working to improve its effectiveness. Currently Flash sandboxing is only available on the dev channel for Windows, but they're planning to support all platforms eventually
