Plugin Security Changes Coming To Google Chrome
Integrating the Flash plugin and a pdf reader in Google Chrome has been a controversial move. Some users liked the idea as it allowed them to access contents without having to install the necessary plugins first, others feared the worst, that Google would lack behind in updating the plugins whenever a security update would be issued by Adobe.
But the fear is only one side of the medal. Users who are careless about the installed plugins are benefiting immensely from the internal plugins. They personally do not have to follow the latest security announcements to update their plugins the second a new update is issued, Google does that for them.
Chrome users who prefer not to use the internal plugins can disable them easily.
The Chrome developers have added another powerful weapon to the web browser; Plugin controls that can be used to allow plugins only on whitelist domains, trusted domains that the user added to the browser.
The plugins will simply not work on other websites if configured correctly. That’s beneficial to users who need Flash or another plugin on a handful of sites only.
Google does not stop here, several interesting additions to Chrome’s plugin handling have been announced at the official Chromium Blog.
Google Chrome will protect the users from outdated plugins. It will simply refuse to run them and aid the user in updating the plugins so that they can be used again in the web browser. It is not clear how the plugin database will be maintained, it is however unlikely that all plugins available worldwide are listed in it. It is likely that the most popular plugins are maintained in the database.
Protection from out-of-date plug-ins: Medium-term, Google Chrome will start refusing to run certain out-of-date plug-ins (and help the user update).
A second interesting feature is the ability to warn users of plugins that have been infrequently used in the past. Some plugins are installed by software or the user and never used in the web browser. Chrome will warn the user about those plugins so that they can be deactivated in the plugin manager.
Warning before running infrequently used plug-ins: Some plug-ins are widely installed but typically not required for today’s Internet experience. For most users, any attempt to instantiate such a plug-in is suspicious and Google Chrome will warn on this condition
Those two additions can be very helpful and it is likely that other browser developers will offer those features in their browser eventually as well. Mozilla has already started to inform users about outdated plugins during updates.
© Martin for gHacks technology news, Software And Internet Tips For The Geek In You, 2010.