The Google Chrome developers, with help from Adobe, have improved the sandboxing of the browser’s Flash plugin. To enable the improved sandboxing, the developers have ported the Flash player plugin from the older Netscape Plugin API (NPAPI) to Google’s Pepper Plugin API (PPAPI) architecture, which was developed especially to allow advanced features such as sandboxing and hardware graphics acceleration to be implemented. These improvements have now arrived as defaults in the Windows version of the browser.
In a post on the official Chromium blog, the developers explain that porting the plugin from the older NPAPI architecture to the Pepper API enabled them to make the changes necessary to improve the sandboxing of the Flash plugin. According to the developers, NPAPI's capabilities had reached a point that “hamstrung future improvements”. Under the Pepper API, the Flash plugin now receives protection similar to that of tabs and other plugins isolated by Chrome’s native sandbox.
Google says that this protection is “dramatically more robust than anything else available”, especially as Flash does not implement ASLR (Address Space Layout Randomisation). Google says that since last week’s stable Chrome update, all Windows users, including those using Windows XP, now benefit from the new capabilities.
The Linux version of Chrome with bundled Flash has been using the new API since the release of Chrome 20, and support for Mac OS X will “ship soon”, according to Google. While the Pepper API is included in Chromium, the open source upstream release of the Chrome browser, the Flash plugin is not bundled with that browser, so Chromium users do not benefit from these improvements.