With an update pushed out recently, Google has now added a new security feature to Chrome on OS X by placing the Adobe Flash Player inside a sandbox to prevent exploits against Flash from affecting the browser or the rest of the applications on the machine.
Google has been working for some time on sandboxing Flash in Chrome on the various platforms it supports, and Chrome on Windows has had a sandboxed version of Flash for nearly two years. Flash has been a constant target for attackers for several years, thanks to its enormous installed base and the steady stream of vulnerabilities that have dogged the application recently. It is seen as a reliable attack vector for compromising browsers, especially since browsers adopted exploit mitigations such as ASLR and DEP.
“Since 2010, we’ve been working with Adobe to improve the security of Flash Player. As of last week’s Stable release, Chrome’s built-in Flash Player on Mac uses a new plug-in architecture which runs Flash inside a sandbox that’s as strong as Chrome’s native sandbox, and much more robust than anything else available,” Scott Hess of Google said.
Sandboxes are protection mechanisms designed to prevent attackers from using an exploit in the protected application to compromise other applications on the system or the underlying operating system. Browser manufacturers, including Google and Microsoft, have been adding sandboxes to their browsers for the last several years. Internet Explorer has had a sandbox, known as Protected Mode, since IE 7 on Windows Vista. Google has been adding sandboxes to each of its versions of Chrome gradually over the last couple of years, and the latest release of Chrome for OS X represents the last step in that process.
“With this release, Flash Player is now fully sandboxed in Chrome on all of our desktop platforms, including Windows, Mac, Linux and Chrome OS. Ultimately, this means a safer experience for you as you browse the web. We take the security of Chrome extremely seriously, so we’re excited to be delivering these enhanced protections, and we’ve enjoyed collaborating with Adobe on this effort,” Hess said.