Linked by kragil on Wed 23rd Jan 2013 20:26 UTC
Google "Native Client enables Chrome to run high-performance apps compiled from your C and C++ code. One of the main goals of Native Client is to be architecture-independent, so that all machines can run NaCl content. Today we're taking another step toward that goal: our Native Client SDK now supports ARM devices, from version 25 and onwards."
Permalink for comment 550160
To read all comments associated with this story, please click here.
RE: ActiveX
by ssokolow on Wed 23rd Jan 2013 21:36 UTC in reply to "ActiveX"
ssokolow
Member since:
2010-01-21

Is it me or does this look like a cross-platform version of ActiveX ?


The big problem with in-browser ActiveX is that it allowed websites to request specific, non-sandboxed code and request that it be installed with nothing more than a simple confirmation dialog.

NaCl uses some very clever static analysis to ensure the code can't break out of the sandbox and puts up decent prizes up for anyone who properly reports confirmed vulnerabilities in the runtime environment's API.

Heck, you don't even need sandboxing to do a proper ActiveX. Just look at how Konqueror uses KParts as browser plugins to allow embed/object for anything with a KPart in the system while still exposing only the same attack surface as normal NPAPI plugins like Media Player and PDF Viewer. (The key there being that the user, not the website, chooses whether a KPart will be used and, if so, which one)

It's all about making sure you have security measures proportionate to the API you expose.

Reply Parent Score: 4