Chrome fully sandboxes Flash, reduces crashes by 20 per cent

by Alistair Lowe on 9 August 2012, 11:15

Tags: Google (NASDAQ:GOOG), Adobe (NASDAQ:ADBE)


It was earlier this year that the previously bullet-proof Google Chrome was officially hacked for the first time. Whilst the hack in question involved the use of an internal security flaw that has since been patched, hackers were only able to reach the browser's guts by breaking through the barrier of the sandbox that Chrome provides, which allows code to run in a safe, self-contained environment.

Whilst it was never officially confirmed, it's strongly believed that hackers only made it through Chrome's sandbox thanks to Adobe's Flash plug-in, which requires that many holes be left in the sandbox wall so that Flash can use features of the host computer, with Flash itself being notoriously insecure and open to exploits. Naturally this creates a conduit through which hacks may be executed.

Likewise, those who use Chrome will have no doubt spotted that the vast majority, if not all, of their browser crashes are related to Flash, either on a tab or browser level. Flash really has been the weak link in the Chrome equation, up until now, that is.

As of Google Chrome 21, support for a new Flash sandbox has been introduced on Windows, including Windows XP. The sandbox was co-developed by Google and Adobe over a two-year period, demonstrating that the two firms had indeed been listening to consumer complaints and had been aware of the issues for quite some time.

The new sandbox is claimed to be "as secure" as Chrome's native sandbox system and has been made possible through the use of Chrome's latest PPAPI plug-in architecture; previously, Flash was implemented in the aging NPAPI plug-in standard. The benefits of PPAPI don't stop at security, however: stability has been improved, reducing the chance of a Flash crash by 20 per cent, with crashes less likely to affect the browser as a whole. Likewise, PPAPI provides access to 3D acceleration, allowing Flash compositing to take place on the GPU for faster and smoother animation.

As a side-benefit, the new plug-in will allow Flash for Chrome to run fully in Windows 8 Metro mode, something not previously possible with the old architecture. With this latest development, Chrome has patched one of its greatest weaknesses and is ready to defend its title of Browser King with renewed vigor.



HEXUS Forums :: 9 Comments

Must say the Chrome beta channel is running very nicely on Windows 8 RTM, none of the crashes on Flash pages that I experienced on the previews. Also just using the included ATI drivers, which seem pretty sturdy so far.
Sadly, Chrome, as a result of Flash (and probably related to this new sandbox), is broken in the latest official build.

The vast majority, if not all, Flash videos, YouTube included, refuse to play sound, and video cuts out after a few seconds. The supposed fix is to go down to 2 channels of sound, but I've had calls from others with only 2 speakers, so feck knows.

There is a fix by temporarily disabling one of the Flash plugins, but Google don't recommend it. Personally, I'm just using Firefox again.

Edit: Ooh, update. Flash videos work again. :)
I'm not sure if this'll help me; if I'm watching a Flash vid and try to fullscreen it, no matter what the quality (on YouTube, say), usually a second later the screen'll flash, and explorer.exe will restart but with Aero disabled, and a little pop-up from the taskbar saying that the ATI display drivers had stopped working but have now recovered. It happens all the time but only ever with Flash, and I'm using Chrome. I hope there is a fix coming.
The update fixed the lack of sound and video stopping, but now the audio is out of sync. Grr.
Article doesn't mention that as of late Chrome and Flash haven't played well together at all. I've had to disable the internal Flash Player and use the external Windows one.