Adobe, Google release sandboxed Flash Player for Chrome

Adobe has worked with Google to extend the Google Chrome sandbox to Adobe Flash Player.

A "sandbox" approach isolates processes on the computer to stop malware from escaping an application to infect the machine.

The latest versions of Adobe software, Acrobat X and Reader X, include a sandbox approach called "protected mode", aimed at reducing both the frequency and impact of security vulnerabilities.

Although Flash Player already supports protected mode in Internet Explorer on Windows 7 and Windows Vista, this helps only a subset of Windows users.

Now, a prototype sandbox for Adobe Flash Player within the Google Chrome browser is available on the Google Chrome developer and canary channels.

For initial testing, the sandboxing code currently supports Windows XP, Windows Vista and Windows 7, said Peleus Uhley, senior security strategist, Adobe Secure Software Engineering Team.

"There are plans to make this available for all OS platforms once we are further along in testing and development. For Windows operating systems that support UAC, the sandbox allows Flash Player to run as a low-integrity process," he said in a blog post.

Adobe plans to test the prototype in the next few months and hopes to use the project as a basis for discussing sandbox approaches with other browser suppliers.

"Since this is a distinctly different sandboxing code base from Internet Explorer, we are essentially starting from scratch. Therefore, we still have a few bugs that we are working through," said Uhley.

This initial Flash Player sandbox is an important milestone in making Chrome even safer, said Justin Schuh and Carlos Pizano, software engineers at Google.

"In particular, users of Windows XP will see a major security benefit, as Chrome is currently the only browser on the XP platform that runs Flash Player in a sandbox," they said in a blog post.

This first iteration of Chrome's Flash Player sandbox for all Windows platforms uses a modified version of Chrome's existing sandbox technology that protects certain sensitive resources from being accessed by malicious code, while allowing applications to use less sensitive ones.

"This implementation is a significant first step in further reducing the potential attack surface of the browser and protecting users against common malware," they wrote.

Schuh and Pizano said although the initial sandbox covers much of the groundwork, there is still more work to be done, including improved protection against additional attack vectors.

"We will be using this initial effort to provide fully sandboxed implementations of the Flash Player on all platforms," they said.
