The latest developer channel release of the Chrome browser now supports sandboxing for Adobe’s Flash Player on Windows 7, Vista and XP.
This feature should provide extra protection against malicious browser exploits through the Flash Player. The dev channel releases of Chrome on Windows already support sandboxing for HTML rendering and JavaScript execution, two of the most common paths people can use to run malicious code on an unsuspecting user’s machine. Sandboxing keeps these sensitive parts of the browser more secure while still allowing web pages and apps to access the other, less-sensitive parts of the browser.
Windows users on the dev channel should see the update arrive automatically. We should note that the sandbox does have some bugs and may break other parts of the browser — this is a developer release, after all. Once the kinks are ironed out, all of these sandboxing features will begin making their way into proper stable Chrome releases.
Google’s Chromium team has been working with Adobe to build better Flash controls into Chrome, and to utilize Chrome’s sandboxing technology for the plug-in. Google says Wednesday’s update makes Chrome the only browser on XP that sandboxes Flash. For more about sandboxing and how Chrome is implementing it, read the overview post on the Chromium blog from October. Also, Wednesday’s release comes less than a month after Chrome introduced click-to-play controls for Flash and other plug-ins.
Adobe’s Flash Player is the most widely-used browser plug-in on the web, and it’s the dominant choice for video playback and games online. Even so, the technology gets beat up for performance issues and its security shortcomings, and it’s still falling out of favor among standards enthusiasts who are pushing HTML5 as the better solution for displaying multimedia in the browser.
Adobe also released a new beta version of the Flash Player on Wednesday that improves some of its performance issues.
See also: