SecurityWeek

Google Adds “Fully Sandboxed” Flash in Latest Chrome Beta

The Google Chrome team has moved the Flash plugin into a separate sandbox on all versions of Windows to make it harder for attackers to exploit.

Attackers regularly target third-party browser plugins to gain control over the Web browser and the rest of the system. Even though Google tests and bundles Flash Player into Chrome, instead of having users download it separately, the code is from Adobe, not from Google. The Flash Player plugin bundled with Google Chrome was used last year and this year by researchers during the Pwn2Own hacking competition at CanSecWest.

“Today’s Chrome 21 beta release has fully sandboxed Flash on all versions of Windows,” Justin Schuh, a member of the Google Chrome team, posted on Twitter.

At the moment, not all plugins are sandboxed in Chrome. Sandboxing means that applications are isolated from the other processes the browser is running and are prevented from accessing other resources that could be used to take over the browser or the rest of the computer.

Schuh’s post seems to imply, however, that there are degrees of sandboxing. Google has had Flash in a sandbox as far back as 2010, but Schuh referred to a “fully sandboxed” version of the Flash plugin. Even if attackers manage to exploit a Flash vulnerability, as the VUPEN team did during Pwn2Own, the newer, more restrictive sandbox will prevent a system takeover.

We’ve reached out to Google to clarify the “fully sandboxed” comment and will update when we hear back.

However, early comments on the Google Chrome Releases blog indicate there may be a problem with Flash video on Chrome 21 beta. “All of a sudden the audio on all videos I played was choppy on all sites that I visited,” a user posted as a comment on the blog post. The videos appear to be Flash, and play just fine under other browsers, according to the comment.
