Feeds

Google updates Chrome Flash plugin for security, stability

Says it runs Flash content in Windows 8 better than IE10

High performance access to file storage

Just when you thought Adobe Flash was close to dying out on the web, none other than Google has stepped in to give the much-maligned rich media plugin a new coat of polish.

The latest stable version of the online ad-slinger's Chrome browser for Windows includes a redesigned version of the Flash plugin that Google reps say will not only make Flash content more stable and secure, but will allow Chrome to offer the best Flash user experience when browsing in whatever we're calling Windows 8's Metro mode now.

The new plugin ditches the ancient Netscape Plugin API (NPAPI) that web browsers have been using since Raquel Welch fought the dinosaurs, in favour of Google's home-grown Pepper Plugin API (PPAPI), which the search giant says offers improved security by isolating plugins inside their own protected "sandboxes" of memory.

"Windows Flash is now inside a sandbox that's as strong as Chrome's native sandbox, and dramatically more robust than anything else available," Google software engineer Justin Schuh writes in a blog post detailing the change.

In addition, he says, the move to PPAPI has made the Flash plugin more stable and allows it to take advantage of more of the advanced capabilities of modern browsers, such as Chrome.

"By eliminating the complexity and legacy code associated with NPAPI, we've reduced Flash crashes by about 20 per cent," Schuh writes. "We can also composite Flash content on the GPU, allowing faster rendering and smooth scrolling (with more improvements to come)."

Schuh says NPAPI was designed at a time when browser plugins were evolving rapidly to provide a wide range of capabilities. Because of this, NPAPI is a thin API that gives plugins lots of access to underlying OS features. But that flexibility also makes it insecure, which is why NPAPI plugins have been banned from the Windows 8 Start Menu environment, formerly known as Metro.

PPAPI doesn't allow plugins anywhere near the level of unfettered access to system resources that NPAPI does, which is why PPAPI plugins – including the new Flash plugin – will be able to run inside the Metro-style version of Chrome.

Contrary to early reports, Flash content will be viewable in the Metro-style version of Internet Explorer 10, but only if it meets Microsoft's compatibility guidelines. In addition to constraining the design of Flash content, those guidelines also exclude certain Flash APIs, including access to cameras, microphones, and printing.

Because of this, Schuh says, the Metro version of Chrome will be "the only way to use all Flash features on any site in Windows 8 Metro mode."

That excludes Firefox, too. Although Mozilla developers having been working on a similar plugin sandboxing feature, they say they are "not interested in or working on Pepper at this time," meaning Firefox won't be able to share Google's PPAPI Flash plugin.

Chrome updates are installed automatically and the Flash plugin comes bundled with the browser, so all current Chrome users on Windows should already have the new version of the plugin installed. Linux users have actually had it since the previous stable version of Chrome, and Schuh says a Max OS X version is coming. ®

Bootnote

Oh, and about those rumors of Flash's death? Mark Twain might have had something to say about them. According to a blog post by Google software engineer Carlos Pizano, when the online ad-slinger analyzed data from Chrome users, fully 99.9 per cent had fired up the Flash plugin at least once in the past 28 days.

By comparison, only 58 per cent had used Chrome's PDF viewer, 26 per cent had used Microsoft's Silverlight plugin, 12 per cent had used Java, and just 4 per cent had used Apple QuickTime.

High performance access to file storage

More from The Register

next story
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.