
Chrome Throws Flash Into the Sandbox

Posted by CmdrTaco
from the with-a-pail-and-shovel dept.
wiredmikey writes "Google announced today that it will be extending Chrome's sandboxing technology to include the Flash Player plug-in. 'Sandboxing' technology is a method of isolating an application from the rest of the operating system and tightly controlling its resources. According to Google, the new sandboxing feature adds an additional layer of protection and will help protect users against malicious pages that attempt to hijack systems or steal information from the system."
Comments:
  • That'll be helpful if it supports Flex-framework apps (which it should, given that they run in the flash player).

    I've been developing a flex app for the Blackberry Playbook that's coming out in February; the ability to port it to the chrome store without much extra work would be handy.
    • Maybe you can explain this to me: what's the Chrome store other than a bunch of bookmarks?

        by KublaiKhan (522918)
        Some of the applications are glorified bookmarks; others--the 'plugins'--extend functionality of the browser itself.

        For instance, there's a plugin that allows interface to the system's ping, ping6, traceroute, traceroute6, whois, and a couple of other net-centric functions. It includes some friendly interfacing, and it's smart enough to grab the current tab's URL as the target when invoked.

        If the 'plugin' functionality could invoke a flash app, that would work well for more complex programs, and would be h
      • Maybe you can explain this to me: what's the Chrome store other than a bunch of bookmarks?

        It's a curated, annotated list of bookmarks (for installable hosted web apps) and download links (for packaged apps [google.com]).

        Plus, of course, it has functions associated with purchase for non-free apps, and some other features beyond just being a list.

  • by wjousts (1529427) on Thursday December 16, 2010 @12:49PM (#34576060)
    You have to run it on a completely different machine. Can't get much more secure than that.
    • Or don't run it at all.
    • Apple has the ultimate Flash sandbox. You have to run it on a completely different machine.

      Why?

      • by chispito (1870390)
        Because he is comparing Chrome, a browser that runs on PCs, to iOS devices. I'm not sure why.
        • Because odds are it'll get rated +5 Insightful?
        • by icebike (68054)

          Because he is comparing Chrome, a browser that runs on PCs, to IOS devices.

          I'm not sure why.

          No, he's comparing running Flash on any other platform vs not running Flash at all on iOS.

          But I suspect you knew that and were just trolling.

      • Well, the Flash cookies and Flash viruses are no problem if you can't run Flash, so it's secure. About as secure as a box that's not connected to the internet is. But also as useful.
        • That wasn't the confusing bit. It was the random reference to iOS that threw me. He could have mentioned his Casio watch and it'd have been just as funny.

          • That a Casio watch can't run Flash isn't a high profile problem. That iOS can't is.
            If you are comparing the functionality of an iPad to a watch, then that is funny in and of itself.
            • It's a sensationalized problem. Funny is trying to hypocritically justify it.

              • Well, they do have a point. My Linux and M$ systems have their highest processor load when running Flash video, and the shit pushed towards you (as in viruses and cookies) isn't funny anymore.
                The problem is sensationalised. True. But for many people it seemed like a big deal, until Youtube fixed it. It may even be a good thing for HTML5 and Intel Atom systems.
    • As an admitted fan of the iOS line, that was comedy gold. Here's hoping the butthurt fanbois don't have mod points today.
  • It would depend on how much in resources is allocated to sandboxing. If this is a static number, then what if the flash is simply a flash banner ad and has resources allocated to it. Now, if the allocation is fully dynamic, this could be very awesome. They would still run into an inevitable problem of not enough resources on the machine, but then again, that is hard to avoid. I truly hope Google is not going to statically allocate resources since that would be bad. I have seriously made a logo for a pe
  • by Anonymous Coward

    Google earns money through advertising and wants to serve Flash banners (As doubleclick, which is already owned by Google, does). All new security holes in Flash cause more people to block or at least hate it. By sandboxing Flash in Chrome, Google both encourages people to use its browser and lowers the motivation to block all flash content. A great decision for Google and it happens to benefit the users, too.

    (As a freelancer who prefers Chrome as his browser, works mostly in internet advertising and occasi

  • by VGPowerlord (621254) on Thursday December 16, 2010 @12:59PM (#34576196)

    In case you missed it, the Chromium Blog talked about this in their December 1st blog entry [chromium.org].

    • by uncanny (954868)
      Well duh, because it was just announced today that Chrome is going to die anyways!
      • by 0x15e (961860)
        It was suggested that Chrome OS is going to die, not Chrome the browser. Even then, it wasn't an announcement. It was a statement made by a former Google employee. Hardly anything official.
  • by gman003 (1693318) on Thursday December 16, 2010 @01:02PM (#34576266)
    After all, I already run Chrome itself in a sandbox. Firefox, too. Why?

    Pretty much every exploit now begins by "the user visits a website". After that, pretty much any technology can be the hole it exploits - Java, Flash, PDF viewing, even JPEG rendering has been exploited. There's an abundance of targets. The modern browser is just too big a platform to secure completely. So, I don't trust any browser more modern than Lynx.
    • by carkb (1344835) on Thursday December 16, 2010 @01:10PM (#34576430)
      Even Lynx is too 'modern'. Check this exploit: http://www.vupen.com/english/advisories/2010/2042 [vupen.com]
    • pretty much any technology can be the hole it exploits

      So, are you saying your sandbox code (which is probably not bug free) could be the source of some fruitful exploits?

      • by gman003 (1693318)
        Yes. It's had quite a few exploits found and fixed. There's definitely more to be found. I would not trust it to contain a known-malicious program. However, it's an effective barrier when combined with a decently-secure browser like Firefox or Chrome - not only does the "hacker" have to find an exploit in the browser, but in the sandbox as well, making it exponentially more difficult.
        • by NoSig (1919688)

          not only does the "hacker" have to find an exploit in the browser, but in the sandbox as well, making it exponentially more difficult.

          Huh, I'm pretty sure you don't know what exponential means, but you actually by mistake managed to use it in a way that makes a little sense, even if it takes a little creativity to see it. If the probability of being able to find a hole in a given layer is p, and there are n layers to get through (not just 2), and the probabilities are independent, the chance of finding a hole in all of them is p^n. Absurd assumptions, but it still amuses that someone used "exponentially" in a way that almost made sense in

    • by JSlope (1180805)
      By the way, I already run Flash only with Chrome. It has a built-in Flash player, so I don't have to install Adobe Flash in all the browsers. I browse with Firefox and Opera, and when I need to see a page with Flash (usually it's a video) I copy the URL and open it in Chrome.
  • Original Slashdot story [slashdot.org] from December 3rd.

  • Can the sandboxing be done in such a way that all the data written by FlashPlayer in local storage can be erased when it goes out of scope? Every invocation of flash player will be on a freshly cleared local storage and one flash run will not be able to retrieve cookies and other persistent data?
    • There isn't anything wrong with the concept of persistent local storage; the problem is multiple persistent local storage areas that a user has to jump through hoops to clear. HTML5, cookies, and Flash cookies all have this issue.

    • by ADRA (37398)

      I could see this breaking sites that actually use those cookies for something meaningful across invocations. I'm surprised that Adobe didn't just go down Java's route and use the browser's built-in cookie management system for taking care of their own cookie needs.

      • by Joe U (443617)

        I could see this breaking sites that actually use those cookies for something meaningful across invocations. I'm surprised that Adobe didn't just go down Java's route and use the browser's built-in cookie management system for taking care of their own cookie needs.

        Those are easy to manage. Flash cookies, not as easy.

        Well, not unless you understand how to create a RAMdrive and are familiar with MKLINK (in Windows).

        I like my RAMdrive, so many things live there, albeit shortly.

        • Flash cookies, not as easy.

          Well, not unless you understand how to create a RAMdrive and are familiar with MKLINK (in Windows).

          They’re just stored in your application data folder. Firefox has addons that will automatically delete Flash cookies (e.g. BetterPrivacy). Does Chrome? And even if Chrome doesn’t, it’d be easy enough to make a script that would do it on startup or shutdown.

          • by Joe U (443617)

            Too much trouble.

            I just point to a folder on the ramdrive and not only does flash get a little faster (very little), but there are no open files on the HDD.

            All my browser temp files live there, that way when I'm browsing the laptop shuts down the HDD.

            • Less trouble to install an extension than set up a RAMdrive, I think. Either way, it’s done and you can forget about it.

              • by Joe U (443617)

                Less trouble to install an extension than set up a RAMdrive, I think. Either way, it’s done and you can forget about it.

                Good point. It's my ramdrive.sys background; they were necessary way back when, so I tend to find a use for them now.

              • by HybridST (894157)
                The best upgrade to my portable rig with its slow hard drive that I've made has been to add RAM and move swap to RAM (on heavily-tweaked XP Home), leading to a 1400% (benchmarked!) speed increase for swapped data access! Now the system drive doesn't need to thrash constantly to handle FF with my 20-50 tab sessions, my DAW [wikipedia.org] and games run much more smoothly, and I can eke out more work from the workhorse system.

                The naysayers will say to upgrade hardware or get a new system or drop in a second drive but for
                • I know exactly what you mean. I’ve debugged slow WinXP machines for people where it turned out they were “slow” because they only had 256MB of RAM. Good grief, people, drop the $40 or $20 it takes to get a gig or a half a gig of RAM (and tell them no, I don’t want to pay $60 for you to unscrew the panel on the case and pop it in for me), your computer will run just fine...

                • by ADRA (37398)

                  "i've made has been to add ram and move swap to ram"
                  Wow, please just turn off swapping altogether and save yourself the trouble. You're just robbing from RAM the very resource that you need, RAM! The entire point of swapping is to save on RAM, and the very act of RAM-driving is taking away more of that precious resource. Just turn your swap off and kill the RAM drive. I assure you that unless Windows is on some serious drugs, your performance should improve.

  • Heck, I think Firefox did it already... I think Flash must have released an unstable version recently. I’ve had Firefox lock up on me a couple of times. Killing the “plugin container” process in Task Manager immediately made Firefox start responding again and display an info bar on pages that had been using Flash saying that a plugin had crashed (gee, wonder why?) and suggesting that I reload the page.

    • Chrome separated the plugin into a separate process, which Firefox then copied. But merely having the plugin as a separate process does not mean the plugin is sandboxed. Flash still has access to install spyware on your computer. By placing the plugin in a sandbox, Flash doesn't have the right to hose your box.

      • Processes should already be running under limited user access, so I was thinking more in terms of stability than security. But you’re right.
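The distinction drawn in the two comments above (a separate process is not a sandbox until the rights it inherited are actually taken away) in a small added example. This is not Chrome's code and does not claim to show how Chrome's sandbox is built: a parent forks a child to do the "plugin" work, and in the sandboxed variant the child first drops its right to open any new file descriptor (RLIMIT_NOFILE set to 0) before that work runs. The probe (opening a caller-named path) and the choice of RLIMIT_NOFILE as the dropped right are this example's own; a real sandbox removes far more (filesystem view, network, system calls).

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example, not Chrome's code. Runs untrusted "plugin work" (here:
 * opening the file the caller names, read-only) in a forked child.
 * With sandboxed == 0 the child is merely a separate process: it keeps
 * every right its parent had, exactly as the comment above describes.
 * With sandboxed != 0 the child first sets RLIMIT_NOFILE to 0, so every
 * later open() in it fails with EMFILE, before the work runs.
 * Returns 1 if the child could open the file, 0 if it could not,
 * -1 if fork/wait failed or the child died abnormally. */
int child_can_open(const char *path, int sandboxed) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (sandboxed) {
            struct rlimit rl = {0, 0};
            /* Lowering both soft and hard limits needs no privilege;
             * raising the hard limit back does, so for an unprivileged
             * child this drop is one-way, which is what a sandbox needs. */
            if (setrlimit(RLIMIT_NOFILE, &rl) != 0) _exit(2);
        }
        int fd = open(path, O_RDONLY);
        _exit(fd >= 0 ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (!WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void) {
    /* /dev/null stands in for any file the plugin has no business touching. */
    const char *target = "/dev/null";
    printf("separate process only:        can open %s -> %d\n",
           target, child_can_open(target, 0));
    printf("separate process + dropped right: can open %s -> %d\n",
           target, child_can_open(target, 1));
    return 0;
}
```

Runs on Linux or macOS. The first call reports 1 because the child runs with the same user rights as its parent; the second reports 0 because open() now fails. The order matters: the right is dropped after fork and before any untrusted code executes, and the child cannot undo it. A "sandbox" that the sandboxed code can switch off from the inside is only process separation with extra steps.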

  • would be to sandbox everything made by Adobe.
    • by gstoddart (321705)

      would be to sandbox everything made by Adobe.

      Or, don't install it if you can live without it.

      The overwhelming majority of stuff that I do online doesn't need flash -- I see it in ads more than I do anything useful, and that gets blocked by noscript before it can discover that I don't even have Flash installed.

      When I do need flash, I go into a fairly closed down VM image and run it -- and that's pretty rare, like twice/month tops. While I'm sure there are sites that people use that require it, I've always a

  • Litter box, sandbox; both are full of sand and "Tootsie Rolls".

  • If you browse in incognito mode does it then make all flash storage non-persistent? Because this is how the evercookie works across incognito.

  • I run my sandbox in a sandbox. That ought to be safe enough!

  • ... a long time ago. I'm not impressed.
  • Since a sandbox is a litterbox and a litterbox is really just a toilet, that would mean they're throwing Flash in the toilet. Perfect!
  • I think this is a good step forward. I'd like to see the majority of plugins in a sandbox. I like to use them, but you can't always be 100% sure if you can trust them or not. Sure, there are applications that have been around for ages, are designed by good companies that have decent reputations - but what about that "must have app" that you're not completely sure about? I know on my Blackberry, each application has its own permissions. I can add and remove permissions at will, and even set them to prom
  • It's the user who's in the sandbox with Google software. No chance of turning off the fade-in, or the instant search keylogger.
  • Something tells me the "we need monies!" department will throw a wrench into the machinery.
    The tracking cookies will not be blocked and thus there will be a way to "escape" the sandbox. Google is an advertisement company you know.

    Disclaimer: I am a Google user. I am simply aware of their revenue stream.
