Google sandboxes Flash in Chrome for OS X
Wraps up the transition to its own PPAPI plug-in technology for the Adobe software
Computerworld - Google this week announced it had shipped a stronger Flash Player sandbox for the OS X version of Chrome, making good on an August promise to ship a Mac browser better able to ward off exploits of the Adobe software.
Chrome 23, which launched Nov. 6, completed Google's efforts to ditch the aged NPAPI (Netscape Plugin Application Programming Interface) Flash plug-in for one built to Google's own PPAPI (Pepper Plugin Application Programming Interface) standard.
By porting Flash Player to PPAPI, Google's engineers were able to place the Adobe plug-in in a "sandbox" as robust as the one that protects Chrome itself.
A sandbox is an anti-exploit technology that isolates processes on a computer, preventing or at least hindering malware from exploiting an unpatched vulnerability, escalating privileges and planting attack code on the system.
"With this release [of Chrome 23], Flash Player is now fully sandboxed in Chrome on all of our desktop platforms, including Windows, Mac, Linux and Chrome OS," said Scott Hess, a Google software engineer, in a Tuesday blog post.
Windows users received the treatment in July with Chrome 21. Linux users got their stronger browser in June with Chrome 20. Chrome OS has had the PPAPI plug-in and sandbox for more than a year.
Chrome was the first to sandbox Flash Player: Google shipped a "stable" build of the browser in March 2011 with a Windows sandbox for Flash using the older NPAPI plug-in technology.
Adobe has also been in on the act. The maker of Flash issued a sandboxed plug-in for Mozilla's Firefox last May, and has worked with Microsoft to integrate Flash with Internet Explorer 10 (IE10) on Windows 8 and Windows RT.
According to Web metrics company Net Applications, Chrome accounted for 18.6% of the world's browsers used in October, putting it in third place behind IE and Firefox. Rival measurement company StatCounter, however, has long had a much different take on Chrome. Last month, it put Google's share at 34.8%, making it the world's most-used browser.
The two companies' wildly-different estimates stem from their divergent methodologies: Net Applications counts unique users while StatCounter tracks page views.
Google has been bundling Flash with its Chrome browser for more than two years, one way it has tried to stifle attacks of the frequently-vulnerable software. So far this year, Adobe has patched Flash Player nine time: once in February, twice in March, once each in May and June, twice in August, and once each in October and November.
Chrome 23 also introduced the "Do Not Track" (DNT) privacy feature; Google was the last major browser maker to add DNT support.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Internet in Computerworld's Internet Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts