Google puts Flash plugin in a more secure browser sandbox

Summary:The Flash Player plugin will no longer be the weakest link in Google's Chrome browser.

As proven by the CanSecWest Pwn2Own hacks, the Flash Player plugin that ships with Google Chrome is a major weak spot that has been targeted by attackers. 

Not anymore.

Google has quietly tweaked the browser to put Flash in the browser's more restrictive sandbox on all versions of Windows, making it significantly harder to exploit a Flash Player vulnerability to get full system access.

The fully sandboxed Flash was included in the Chrome 21 beta release, according to Google's Justin Schuh.

[ SEE: How Google set a trap for Pwn2Own exploit team ]

Earlier this month, Google introduced a "double security" sandbox concept for Chrome on Linux to offer improved security on the open-source operating system.

Topics: Security, Enterprise Software, Google, Developer


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.