Google and Adobe are working closely to better integrate Flash into the Chrome web browser. The first result of that work came earlier this year when the two companies announced that Chrome would ship with Flash built-in, to allow the plugin to make use of Chrome’s auto-update feature. Sandboxing Flash in Chrome is the next step.
“This first iteration of Chrome’s Flash Player sandbox for all Windows platforms uses a modified version of Chrome’s existing sandbox technology that protects certain sensitive resources from being accessed by malicious code, while allowing applications to use less sensitive ones,” write Justin Schuh and Carlos Pizano, software engineers at Google, “This implementation is a significant first step in further reducing the potential attack surface of the browser and protecting users against common malware.”
A lot of work still needs to be done, however, since this is only an initial release. “While we’ve laid a tremendous amount of groundwork in this initial sandbox, there’s still more work to be done,” the engineers add, “We’re working to improve protection against additional attack vectors, and will be using this initial effort to provide fully sandboxed implementations of the Flash Player on all platforms.”
Especially Windows XP users should benefit from this work, since Chrome will be the only browser sandboxing Flash on that archaic Windows version. If you’re in the dev channel and are experiencing problems, you can use
--disable-flash-sandbox to disable the feature – after filing a bug report, of course.
No word on when this will arrive for Linux and Mac OS X.