chromium rolling-out-sandbox-for-adobe-flash

[vtol]

the chromium blog

Quote:

Since this past March, we’ve been working closely with Adobe to allow Flash Player to take advantage of new sandboxing technology in Chrome, extending the work we’ve already done with sandboxing for HTML rendering and JavaScript execution. This week, we’re excited to roll out the initial Flash Player sandbox for our dev channel users on Windows XP, Vista and 7.

if posted already please delete

Thank you for the info, vtol. This looks to be a nice security improvement. I'm really liking Chrome, too.

[funkydude]

Nice change, good to see, hopefully on portableapps soon.

Quote:

In particular, users of Windows XP will see a major security benefit, as Chrome is currently the only browser on the XP platform that runs Flash Player in a sandbox.

Is this talking about IE's protected mode on 7/Vista?

[m00nbl00d]

Quote:

Originally Posted by funkydude

Nice change, good to see, hopefully on portableapps soon.



Is this talking about IE's protected mode on 7/Vista?

I'm not sure how it could be related to that, because IE's Protected Mode is nothing but a low integrity level, and integrity levels were only introduced with Windows Vista, and now Windows 7.

Maybe another sandbox implementation of some sort.

[Kees1958]

Chrome's sandbox


I can't explain any better than this
a) reduced rights (to LOW) of the sandboxed tabs (in which java script runs)
b) assignes a restricted SID to the tab.
c) assigns a job id, which prevents access to user handles outside the job, it also says that it is only allowed to access restricted token objects, is not allowed to debug, log off, etc and die's on exceptions (so for people complaining that Chrome is unstable when looking at movies at porn sites, be happy Chrome did protect you).
d) switches to an alternate desktop which prevents windows messaging stuff etc.

As an example Tzuk told that SBIE on x64 could not prevent messaging to services (d). So Chrome's realises total isolation (also on x64 systems)

see http://dev.chromium.org/developers/design-documents/

[m00nbl00d]

Quote:

Originally Posted by Kees1958

Chrome's sandbox


I can't explain any better than this
a) reduced rights (to LOW) of the sandboxed tabs (in which java script runs)
b) assignes a restricted SID to the tab.
c) assigns a job id, which prevents access to user handles outside the job, it also says that it is only allowed to access restricted token objects, is not allowed to debug, log off, etc and die's on exceptions (so for people complaining that Chrome is unstable when looking at movies at porn sites, be happy Chrome did protect you).
d) switches to an alternate desktop which prevents windows messaging stuff etc.

As an example Tzuk told that SBIE on x64 could not prevent messaging to services (d). So Chrome's realises total isolation (also on x64 systems)

see http://dev.chromium.org/developers/design-documents/

Yes, correct.

I just thought/wondered if they were introducing some new additional sandbox of some sort to what it already is to increase the protection for Windows XP, considering they mention

Quote:

This first iteration of Chrome’s Flash Player sandbox for all Windows platforms uses a modified version of Chrome’s existing sandbox technology

According to what they're saying here, they could be introducing something new to protect the plugin/what malware could possibly do through the plugin?

[Kees1958]

There will be the first instance running with medium rights, plug-ins with low rights and asigned job-id (for better user space protection, limiting control on other processes), next the tabs with restricted token and alternative desktop, compiled & assembled javascript (to filter out some data and access overflow exceptions used by malware) running inside of a tab with hidden object classes (instead of shared libraries) for further isolation.

IE was the first to use protected mode, but Chrome improved this substantionally. Firefox has just managed out of process feature, sandbox is not scheduled for 2011, taken the time it needs to develop I would say second/third quarter of 2012 the earliest.