Google puts Flash plugin in a more secure browser sandbox

Summary: The Flash Player plugin will no longer be the weakest link in Google's Chrome browser.

As proven by the CanSecWest Pwn2Own hacks, the Flash Player plugin that ships with Google Chrome is a major weak spot that has been targeted by attackers. 

Not anymore.

Google has quietly tweaked the browser to put Flash in the browser's more restrictive sandbox on all versions of Windows, making it significantly harder to exploit a Flash Player vulnerability to get full system access.

The fully sandboxed Flash was included in the Chrome 21 beta release, according to Google's Justin Schuh.

[ SEE: How Google set a trap for Pwn2Own exploit team ]

Earlier this month, Google introduced a "double security" sandbox concept for Chrome on Linux to offer improved security on the open-source operating system.

Talkback

3 comments
  • Wha...?

    Wait a second... so when Google says Flash is "built in" Chrome, what they REALLY mean is that the plugin is already installed? Or did I miss something?

    I'm pretty sure there's a difference.
    pishaw
    • Re: Wha...?

      Adobe Flash Player is directly integrated with Google Chrome and enabled by default.

      Available updates for Adobe Flash Player are automatically included in Chrome system updates.
      daikon
  • Google puts Flash plugin in a more secure browser sandbox

    Kudos to the Chrome Team.
    daikon