Chrome Tightens the Leash on Adobe’s Flash Player
Google’s latest version of the Chrome web browser offers an even more secure, tightly sandboxed version of the browser’s Flash Player plugin.
At the moment the Flash Player improvements are only available to Windows users, but the change does apply to the entire Windows spectrum, covering everything from Windows XP (where Chrome is the only option if you want to keep Flash sandboxed) to the coming Windows 8.
As Chrome Software Engineer Justin Schuh writes on the Chromium blog, “Windows Flash is now inside a sandbox that’s as strong as Chrome’s native sandbox, and dramatically more robust than anything else available.”
The Flash update sees Chrome dropping the older Netscape Plugin API — which browsers have long relied on for plugin security — in favor of Google’s own Pepper Plugin API (PPAPI). Since PPAPI has a tighter sandbox it makes it harder to exploit Flash, but Schuh says the new architecture will make Flash more stable as well. “By eliminating the complexity and legacy code associated with NPAPI, we’ve reduced Flash crashes by about 20%.”
There are also performance gains since the PPAPI offloads some of the display work to your PC’s GPU, which makes for faster rendering and smooth scrolling. The new Pepper API also means Flash will work in Windows 8′s don’t-call-it-Metro mode.
Google says that it’s working on bring the same Pepper-based sandboxing to Chrome for Mac OS X and hopes to “ship it soon” (Linux users have enjoyed PPAPI-based Flash Player since Chrome 20).