Feeds

Google updates Chrome Flash plugin for security, stability

Says it runs Flash content in Windows 8 better than IE10

Business security measures using SSL

Just when you thought Adobe Flash was close to dying out on the web, none other than Google has stepped in to give the much-maligned rich media plugin a new coat of polish.

The latest stable version of the online ad-slinger's Chrome browser for Windows includes a redesigned version of the Flash plugin that Google reps say will not only make Flash content more stable and secure, but will allow Chrome to offer the best Flash user experience when browsing in whatever we're calling Windows 8's Metro mode now.

The new plugin ditches the ancient Netscape Plugin API (NPAPI) that web browsers have been using since Raquel Welch fought the dinosaurs, in favour of Google's home-grown Pepper Plugin API (PPAPI), which the search giant says offers improved security by isolating plugins inside their own protected "sandboxes" of memory.

"Windows Flash is now inside a sandbox that's as strong as Chrome's native sandbox, and dramatically more robust than anything else available," Google software engineer Justin Schuh writes in a blog post detailing the change.

In addition, he says, the move to PPAPI has made the Flash plugin more stable and allows it to take advantage of more of the advanced capabilities of modern browsers, such as Chrome.

"By eliminating the complexity and legacy code associated with NPAPI, we've reduced Flash crashes by about 20 per cent," Schuh writes. "We can also composite Flash content on the GPU, allowing faster rendering and smooth scrolling (with more improvements to come)."

Schuh says NPAPI was designed at a time when browser plugins were evolving rapidly to provide a wide range of capabilities. Because of this, NPAPI is a thin API that gives plugins lots of access to underlying OS features. But that flexibility also makes it insecure, which is why NPAPI plugins have been banned from the Windows 8 Start Menu environment, formerly known as Metro.

PPAPI doesn't allow plugins anywhere near the level of unfettered access to system resources that NPAPI does, which is why PPAPI plugins – including the new Flash plugin – will be able to run inside the Metro-style version of Chrome.

Contrary to early reports, Flash content will be viewable in the Metro-style version of Internet Explorer 10, but only if it meets Microsoft's compatibility guidelines. In addition to constraining the design of Flash content, those guidelines also exclude certain Flash APIs, including access to cameras, microphones, and printing.

Because of this, Schuh says, the Metro version of Chrome will be "the only way to use all Flash features on any site in Windows 8 Metro mode."

That excludes Firefox, too. Although Mozilla developers having been working on a similar plugin sandboxing feature, they say they are "not interested in or working on Pepper at this time," meaning Firefox won't be able to share Google's PPAPI Flash plugin.

Chrome updates are installed automatically and the Flash plugin comes bundled with the browser, so all current Chrome users on Windows should already have the new version of the plugin installed. Linux users have actually had it since the previous stable version of Chrome, and Schuh says a Max OS X version is coming. ®

Bootnote

Oh, and about those rumors of Flash's death? Mark Twain might have had something to say about them. According to a blog post by Google software engineer Carlos Pizano, when the online ad-slinger analyzed data from Chrome users, fully 99.9 per cent had fired up the Flash plugin at least once in the past 28 days.

By comparison, only 58 per cent had used Chrome's PDF viewer, 26 per cent had used Microsoft's Silverlight plugin, 12 per cent had used Java, and just 4 per cent had used Apple QuickTime.

Choosing a cloud hosting partner with confidence

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.