Linked by Kroc Camen on Sat 17th Oct 2009 05:27 UTC
Microsoft Whilst it's not okay in Microsoft's eyes for Google to install a plugin into Internet Explorer, increasing the potential surface area of attack, when Microsoft do it to Firefox, it's a different matter. Now a security hole has been found in a plugin that Microsoft have been silently installing into Firefox.
Thread beginning with comment 389777
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Opt-in
by Erunno on Sat 17th Oct 2009 10:49 UTC in reply to "RE[2]: Opt-in"
Erunno
Member since:
2007-06-22

Chrome and Safari on Snow Leopard place plugins on their own thread and in a sandboxed environment, which helps; but ultimately the whole nature of plugins is completely flawed and unsafe from the get-go.


Actually, both run plug-ins in separate processes and not threads. Chrome does not use a sandbox for them as Google encountered too many compatibility problems to be turned on by default. To lessen the attack area at least somewhat Google lets the process which does the IPC run with minimal rights. While the plug-in can still wreck havoc this way at least Chrome itself is somewhat secured.

Edited 2009-10-17 10:52 UTC

Reply Parent Score: 4

RE[4]: Opt-in
by Kroc on Sat 17th Oct 2009 11:01 in reply to "RE[3]: Opt-in"
Kroc Member since:
2005-11-10

Thanks for the corrections, and I had forgot to add IE8/Vista to my list, which sandboxes plugins too.

Reply Parent Score: 1

RE[5]: Opt-in
by Erunno on Sat 17th Oct 2009 11:35 in reply to "RE[4]: Opt-in"
Erunno Member since:
2007-06-22

Thanks for the corrections, and I had forgot to add IE8/Vista to my list, which sandboxes plugins too.


IE8 and Chrome both feature a process-per-tab model (although in reality there are exceptions when a new tab is run in the same process as its parent, at least on Chrome). Safari only outsources plug-ins into processes, probably mainly to be able to run 32-bit stuff like Flash. Interestingly enough, although IE8 also runs Flash in a separate process it is not able to use it in a 32/64 bit mixed mode like Safari, i.e. Flash does not work with 64-bit IE8.

And I don't want to sound patronizing by repeating myself but Chrome does not sandbox plug-ins by default. I know that there are different opinions on what constitutes sandboxing but in the context of Chrome calling a separate process a sandbox does not apply since Chrome additionally is able to lock down individual processes.

Reply Parent Score: 2