Computerworld - Google today announced it had wrapped up work on a stronger Flash sandbox in the Windows version of Chrome, and would soon ship the same for its OS X browser.
Chrome 21, which launched July 31, completed efforts to ditch the aged NPAPI (Netscape Plugin Application Programming Interface) Flash plug-in for one built to Google's own PPAPI (Pepper Plugin Application Programming Interface) standard.
By porting Flash Player to PPAPI, Google's engineers were able to stuff the Adobe plug-in into a "sandbox" as robust as the one that protects Chrome itself.
"Windows Flash is now inside a sandbox that's as strong as Chrome's native sandbox, and dramatically more robust than anything else available," Justin Schuh, a Chrome engineer, in a post to the Chromium blog Wednesday.
A sandbox is an anti-exploit technology that isolates processes on the computer, preventing or at least hindering malware from letting hackers exploit an unpatched vulnerability, escalate privileges and push their attack code onto the machine.
Chrome was the first to sandbox Flash Player: Google shipped a "stable" build of the browser in March 2011 with a Windows sandbox for Flash. In May 2012, Adobe issued a sandboxed Flash plug-in for Mozilla's Firefox, although the open-source browser maker has struggled to diagnose a higher-than-usual number of Flash crashes since then.
Previously Chrome's Flash sandbox was only available on Windows Vista and Windows 7, but with Chrome 21 and the move to PPAPI, Google was able to extend coverage to Windows XP.
"[That's] critical given the absence of OS support for security features like ASLR and integrity levels [in Windows XP]," Schuh said.
Schuh claimed that Chrome is run by about 100 million Windows XP users.
According to Web analytics company Net Applications, Windows XP powered 46.6% of all Windows PCs that went online in July, a slightly larger share than the quickly-gaining Windows 7.
The port of Flash to PPAPI will reduce Flash crashes by 20%, and prepares Chrome for its debut on Windows 8, the upgrade Microsoft plans to start selling Oct. 26.
"Because PPAPI doesn't let the OS bleed through, it's the only way to use all Flash features on any site in Windows 8 Metro mode," Schuh wrote, referring to the tile-based environment that, along with a traditional desktop, comprises Windows 8.
Google added a Metro version of Chrome to the rougher "dev" channel in mid-June.
Although a fully-sandboxed Flash Player plug-in is yet not included in Chrome on OS X, Schuh said that the team "hope[s] to ship it soon."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at 
@gkeizer, on Google+ or subscribe to Gregg's RSS feed 
. His email address is gkeizer@computerworld.com.
See more by Gregg Keizer on Computerworld.com.
Read more about Application Security in Computerworld's Application Security Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
