Google brings more secure, sandboxed Flash plugin to Chrome for Mac

“Nearly three months after delivering a more secure, modernized Flash plugin to Chrome users on Windows, Linux, and Chrome OS, Google has extended those safeguards to Mac OS X,” Chris Welch reports for The Verge.

“Flash, frequently targeted as a backdoor for malware, is now fully sandboxed within the browser with isolation Google says is as strong as Chrome’s own native sandboxing,” Welch reports. “In theory, that means should you come across a malicious website or script, the harmful code would be relegated to a single browser window and thus be prevented from accessing your computer or personal files.”


19 Comments

  1. “should you come across a malicious website or script, the harmful code would be relegated to a single browser window and thus be prevented from accessing your computer or personal files.”

    Unfortunately, the browser itself isn’t prevented from accessing your computer or personal files.

    1. Each browser tab in Chrome is sandboxed. Sure, it’s not perfect security, but it’s a hell of a lot more secure than running, say, Internet Explorer with the Adobe Flash plugin on a Windows machine!

  2. My Mac is Flash-free as far as a system-wide install, but I do fire up Chrome for sites with unavoidable Flash.

    YouTube, for instance–so many friggin videos require Flash now, even in the “HTML5 beta.” And why? Not to enhance the experience, hell no, but so they can overlay advertising bugs on videos a few seconds after playback starts.

    Fsckers.

      1. They worked fine on my previous system. I made an effort with my new system not to install Flash, period. Chrome is the one exception, and it’s only running when I copy-and-paste a specific URL to it.

        It’s an annoying process though. A year ago most YouTube videos were playable without Flash. Heck, even MDN, a big no-Flash advocate, keeps posting videos that use it, so maybe this is a pointless effort and we all need to accept Flash is here to stay on the desktop.

    1. Get the following extensions for Safari and use them:

      ClickToFlash
      ClickToPlugin
      AdBlock
      Ghostery

      ClickToFlash prevents Flash windows from running unless you double-click them.

      ClickToPlugin does the same for other extensions.

      AdBlock blocks ads unless you give permission for them to run.

      Ghostery prevents Google and others from installing tracking cookies when you visit a web site.

      Manage them in the “Extensions” menu under the Safari menu. Download them under the Safari drop-down menu item “Safari Extensions”.

      1. More good plugins
        Facebook Blocker- blocks Farcebook content
        Shellfish- blocks share this article shit
        Incognito- Blocks Google Adsense and Analytics
        Collusion- shows who is tracking you and can block known tracking sites.
        Do Not Track Plus
        Google Analytics Opt Out Beta
        Javascript Blacklist

      2. The problem with ClickToFlash is that they report the browser is Flash-capable and so it gets served a version with Flash content and ads and the like.

        I get by like mossman as well.

    1. I’ve attempted to compromise by using ‘Chromium’, the better of the two 3rd party compilations that don’t infest you (as much) with tracking. Even then I don’t like the thing. The minimized beyond function Preferences is enough to make me nauseous. Surprise: I’m not surprised. Google wrote most of it.

      And no, kids. There’s nothing remarkably ‘fast’ about Chrome. It’s just another WebKit browser.

  3. All Google software phones home constantly. If you have Little Snitch, Intego Virus Barrier X6 or some other program that alerts you to outgoing connections not initiated by you, you will be driven mad by Google software’s constant phoning home.

    Google claims this is to check for updates, but the shit happens every hour of the day and night if you have any of their software installed- even when it is not in use.

    You can delete the offending component, but I think it does more than check for updates. Google is being evil this way.

    1. “but the shit happens every hour of the day and night”

      What part actually makes you think that this is something other than checking for updates? It isn’t really that absurd to check for updates every hour. Plus, you mentioned that it does it even when not in use. Why would something report your usage data if you hadn’t used it?

      Unless you’ve analyzed the packet contents, then you aren’t accusing them of tracking you because you know they’re tracking you from observation, but because you already thought they were evil to begin with.

  4. Native sandboxing…. In theory, that means should you come across a malicious website or script, the harmful code would be relegated to a single browser window and thus be prevented from accessing your computer or personal files.

    Just like Java.
    OOPS!

    IOW: We shall see.
