14 DAY TRIAL // Google has released the beta version of Google Chrome 9 for early adopters, whose Windows version features a sandboxed Flash Player plugin.
The plan to add Flash Player under Chrome's sandbox was announced back in March and the effort began by creating a Flash plugin version ships with the browser by default.
Since July, Flash Player comes integrated in Chrome as a file called gcswf32.dll. Since then, Adobe and Google developers have focused on sandboxing the plugin.
In secure software development sandboxing refers to the practice of isolating processes from the underlying operating system in order to restrict the impact of vulnerabilities.
This is done by creating a tightly controlled "broker" process through which all interaction with the system is done.
Chrome has been designed with sandboxing for HTML rendering and JavaScript execution from the very beginning, but sadly, as long as plug-ins run as separate unrestricted processes, users will be vulnerable to drive-by download attacks.
Because of this Google proposed the Pepper Plugin API (PPAPI) framework, which follows an in-process model. Chrome's Flash Player plugin was built using this new architecture.
Currently, it is only available for the Windows Chrome builds, but Google plans to extend it to all supported platforms in the future. Some bugs that affect the current version will be fixed until Chrome 9 stable lands in January.
Google Chrome beta builds are usually pretty solid and free of any major issues, but people who experience problems with the sandboxed Flash plugin can disable it by starting the browser with the --disable-flash-sandbox command line option.
"We hope that we can use this experience as a platform for discussing sandbox approaches with the other browser vendors," Peleus Uhley, platform security strategist with Adobe's Secure Software Engineering Team (ASSET), said at the beginning of this month when the technology was introduced in the Chrome 9 dev.