14 DAY TRIAL // The new out-of-date plugin blocking feature in Chrome 10 started as an extension developed by Google security engineers in the 20% of time the company allows them to use for personal projects.
The Web has long become the primary malware distribution vector and one of the most effective methods is drive-by download attacks that exploit vulnerabilities in browser plugins like Flash, Adobe Reader, Java and so on.
When we spoke with Ondrej Vlcek, CTO at Avast Software, last month, he told us that browsers are actually some of the most secure pieces of software one can find on computers.
This is because they've been heavily scrutinized by security researchers already. However, the same cannot be said about plugins and that's what makes them attractive targets for attackers.
Keeping plugins up-to-date is no easy task and it requires users realizing they are outdated in the first place.
Locating the new version for each one by going to their corresponding website and then installing it is not very convenient either and this is what motivated Panayiotis Mavrommatis and Noé Lutz of the Google Security Team.
"Keeping all of your plugins up-to-date with the latest security fixes can be a hassle, so a while ago we started using our 20% time to develop a solution.
"The initial implementation was a Chrome extension called 'SecBrowsing,' which kept track of the latest plugin versions and encouraged users to update accordingly," the two explain.
That extension helped the engineers better understand plugins and soon enough they began working with the Chrome development team to implement the feature natively.
The latest version of the browser automatically disables outdated plugins and advises users to update them. It even goes further and helps with locating the new versions. Of course, the option to override the block, but we don't recommend people using it.