Latest Chromium build to include the first Flash Player sandbox
Back in March, Google announced it would be bundling the Adobe Flash plug-in with future versions of the Chrome browser. Naturally, this caused a few questions to arise about how Google planned to tackle the security and stability risks inherent in Flash, and whether the plug-in would work with Chrome's secure Sandbox environment.
Yesterday, Google and Adobe announced that the next developer build of the Chromium Project, coming as an update soon, will include the first sandboxable version of Chrome's integrated Flash Player (gcswf32.dll) for users running Windows XP, Vista, and 7.
"This first iteration of Chrome's Flash Player sandbox for all Windows platforms uses a modified version of Chrome's existing sandbox technology that protects certain sensitive resources from being accessed by malicious code, while allowing applications to use less sensitive ones," Engineers Justin Schuh and Carlos Pizano wrote in Google's Chromium Blog yesterday. "This implementation is a significant first step in further reducing the potential attack surface of the browser and protecting users against common malware."
The goal is to create a fully sandboxed version of Flash Player for all platforms that support Chrome; so the plug-in, often regarded as a significant browser vulnerability, can run more safely.
"Over the next few months, we will be testing and receiving feedback on this project," Adobe's Peleus Uhley said yesterday. "Since this is a distinctly different sandboxing code base from Internet Explorer, we are essentially starting from scratch."