On Wednesday Google announced a new developer test version of its Chrome Web browser that will place the code of Adobe's Flash Player plug-in in its own sandbox. For now, the update just applies to the Windows Versions of the browser.
A sandbox isolates the running code from the rest of the operating system so that its has no access to critical processes or data, thus preventing it from either intentionally or unintentionally doing harm. Flash has been famously criticized by Apple CEO Steve Jobs for its lack of security and stability.
Google already uses sandboxing for HTML rendering and JavaScript execution, making it one of the most secure browsers available.
The announcement appeared on the blog dedicated to Chromium, as the open source browser engine project is called. (To further complicate things, the company also plans an upcoming operating system, Chrome OS, using some of the same Chromium code base.) The blog post states that Google engineers have been working closely with Adobe to implement the plug-in sandboxing. Adobe recently used the technique in its own Reader X plugin for Acrobat PDF files.
According to the post, written by Google software engineers Justin Schuh and Carlos Pizano, "This first iteration of Chrome's Flash Player sandbox for all Windows platforms uses a modified version of Chrome's existing sandbox technology that protects certain sensitive resources from being accessed by malicious code, while allowing applications to use less sensitive ones. This implementation is a significant first step in further reducing the potential attack surface of the browser and protecting users against common malware." [PC Mag]
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.