14 DAY TRIAL // Google is well on its way of delivering on the promise of sandboxed Flash content in Chrome, as the technology has been enabled by default in Chromium over the weekend.
Back in June, Chrome has began bundling a special Flash Player plug-in designed by Adobe to make use of the new Pepper Plugin API (PPAPI).
At the time, Google revealed that in the future the plug-in is expected to run within Chrome's sandbox, meaning that Flash content will have limited and strictly controlled access to the operating system.
This makes it very difficult for attackers to exploit Flash Player vulnerabilities in order to execute malicious code on the target computers.
Along with applications like Java or Adobe Reader, Flash Player has become one of the most targeted programs in drive-by download attacks, where users are infected by simply visiting a specially crafted Web page.
According to a revision made Saturday in the Chromium repository, the sandboxed Flash plug-in has been turned on by default, which means that it will make it into Chrome 9 Dev shortly.
The revision notes specify that the latest version of Flash required for this to work is 10.1.103.19, which has been released on November 4.
We previously noted that there is a discrepancy between the Flash Player embedded in Google Chrome (10.1.103.19) and the one available to the rest of the browsers (10.1.102.64). This latest sandbox news explains the mysterious version difference.
Given Chrome's fast-paced development, we expect the sandboxed Flash Player to make it into the stable build sometime in January.
According to Download Squad there are indications that not only the embedded Flash plug-in will be sandboxed, but also the stand alone Flash Player versions released by Adobe, which the browser can use.
The news comes after at the beginning of the month a native sandboxed PDF viewer has beed added to Chrome 8 Beta.