Adobe Flash remains a popular attack vector for malware authors. In addition to a seemingly never-ending supply of security flaws, bad guys know that people who use Flash often ignore the updater's prompts. That leaves users in an even more tenuous position, since they're still vulnerable to attacks Adobe has already patched.

That's one big advantage to Google Chrome's internal Flash plug-in. Since updates are delivered silently in the background to users, the internal plug-in is always up-to-date. This keeps everyone as safe as possible, but Chrome offers one more way to protect its users: sandboxing. By running unfamiliar Web code in its isolated sandbox, Chrome can execute that code in a safe environment -- where it can't harm your operating system.

Back when Google first announced internal Flash, one of their stated goals was "to further protect users by extending Chrome's 'sandbox' to web pages with Flash content." According to revision 66022, Google is making good on their promise. Sandboxed Flash is now supported in the Chromium source code, and should be available to Windows users of Canary and Chrome Dev very soon. A quick look through the source code seems to indicate that Chrome can sandbox not only its own internal Flash plug-in, but also the traditional Adobe version -- as long as it's version 10.1.103.19 or better.

This is great news for Chrome users. It was already an incredibly difficult browser to exploit, and sandboxing Flash will add another layer of armor to its defenses.

Google Chrome sandboxes Flash for more secure browsing originally appeared on Download Squad on Mon, 15 Nov 2010 07:17:00 EST.