Google adds Flash sandbox to Chrome beta

New version also includes Chrome Instant for search previews and speedier page loads

Two weeks after it debuted a sandbox to isolate Adobe's Flash Player plug-in, Google today pushed the security enhancement to the more reliable beta channel of its Chrome browser.

Chrome users already running the beta build will be automatically updated to the version that includes the sandboxed Flash.

A "sandbox" isolates processes on the computer, preventing or at least hindering malware from escaping an application to wreak havoc on the machine.

That's become increasingly important for Flash, as the popular media player has been aggressively targeted by hackers this year. Adobe has had to patch Flash five times since January, and in several cases was forced to scramble to release emergency fixes as new attacks surfaced.

Chrome's Flash sandbox relies on some elements of the already-in-place technology that the browser uses to protect HTML and JavaScript. But much of the new work was created from scratch in cooperation with Google, an Adobe executive said when the two companies announced the inclusion of the sandbox in Chrome's "dev" channel Dec. 1.

"The biggest challenge was getting the full functionally of Flash from within this new sandbox," said Brad Arkin, Adobe's director of security and privacy, two weeks ago.

Although the sandbox is currently available only in the Windows version of Chrome, Google has promised to add the same functionality to the Mac and Linux editions. Google did not spell out a timetable for those updates, however.

The newest Chrome beta also includes the browser's version of Google Instant, the preview introduced last month to Google's search engine that shows thumbnail images of Web pages in a search result list.

Dubbed Chrome Instant in the browser, the feature loads Web pages as soon as the user starts typing a URL, said Google software engineer Carlos Pizano in a note on the Chrome blog today.

"In addition, if supported by your default search engine, search results appear instantly as you type queries in the omnibox," said Pizano, referring to Chrome's combination address bar and search field. "In-line predictions will also appear to help guide your search."

Chrome Instant is not enabled by default in the newest beta, but must be switched on from the Basics tab of Chrome's options or preferences.

Google maintains three separate "channels" for Chrome, ranging from stable to beta to dev, the latter two less stable and reliable than the previous.

Users can download the Chrome beta or switch from stable or dev to the beta channel by visiting Chrome's Web site.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationsGooglesecuritybrowserssoftwareInternet Searchinternetsearch engines

More about Adobe SystemsGoogleLinux

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place