14 DAY TRIAL // Google has released a new beta version of its Chrome browser, which addresses a serious vulnerability in the Flash Player plug-in and adds a sandboxed PDF viewer.
The new Chrome 8.0.552.28 Beta was expected to land a few days ago, when the Dev channel was updated to Chrome 9.0.570.0.
However, the company most likely waited for a Flash Player update from Adobe, which patches an actively exploited vulnerability announced last week.
Since June, Chrome has a bundled Flash Player plug-in built for the upcoming Pepper Plugin API (PPAPI) interface, which will allow Flash content to run in a sandbox.
Because of this, Chrome is somewhat tied to the Flash Player development cycle. If Adobe patches a hole in the application, Google also has to release a new version of the browser.
Of course, giving Chrome's auto-update mechanism, this is not a big problem. And so far, the company has managed to patch the bundled plug-in, before Adobe released the stand-alone Flash Player fixes.
As far as the PDF support is concerned, however, Google decided to go in a different direction and create its own viewer, instead of bundling Adobe's plug-in.
This is also probably because Adobe Reader has a large footprint and is full of functionality that is not required for the most basic use cases.
Google wanted something simple and fast, but the road to a native PDF viewer has been paved with lots of bugs. Now, it's finally here, enabled by default in the beta version, and will probably make it to the stable in about a month.
From a security perspective, the most important aspect that the viewer runs in a restricted environment, making vulnerability exploits targeting it very unlikely.
"Just like we do with web pages viewed in Chrome, we’ve built in an additional layer of security called the 'sandbox' around the Chrome PDF viewer to help protect you from malware and security attacks that are targeted at PDF files," explains Google Software Engineer John Abd-El-Malek.