Feeds

Google updates Chrome Flash plugin for security, stability

Says it runs Flash content in Windows 8 better than IE10

Choosing a cloud hosting partner with confidence

Just when you thought Adobe Flash was close to dying out on the web, none other than Google has stepped in to give the much-maligned rich media plugin a new coat of polish.

The latest stable version of the online ad-slinger's Chrome browser for Windows includes a redesigned version of the Flash plugin that Google reps say will not only make Flash content more stable and secure, but will allow Chrome to offer the best Flash user experience when browsing in whatever we're calling Windows 8's Metro mode now.

The new plugin ditches the ancient Netscape Plugin API (NPAPI) that web browsers have been using since Raquel Welch fought the dinosaurs, in favour of Google's home-grown Pepper Plugin API (PPAPI), which the search giant says offers improved security by isolating plugins inside their own protected "sandboxes" of memory.

"Windows Flash is now inside a sandbox that's as strong as Chrome's native sandbox, and dramatically more robust than anything else available," Google software engineer Justin Schuh writes in a blog post detailing the change.

In addition, he says, the move to PPAPI has made the Flash plugin more stable and allows it to take advantage of more of the advanced capabilities of modern browsers, such as Chrome.

"By eliminating the complexity and legacy code associated with NPAPI, we've reduced Flash crashes by about 20 per cent," Schuh writes. "We can also composite Flash content on the GPU, allowing faster rendering and smooth scrolling (with more improvements to come)."

Schuh says NPAPI was designed at a time when browser plugins were evolving rapidly to provide a wide range of capabilities. Because of this, NPAPI is a thin API that gives plugins lots of access to underlying OS features. But that flexibility also makes it insecure, which is why NPAPI plugins have been banned from the Windows 8 Start Menu environment, formerly known as Metro.

PPAPI doesn't allow plugins anywhere near the level of unfettered access to system resources that NPAPI does, which is why PPAPI plugins – including the new Flash plugin – will be able to run inside the Metro-style version of Chrome.

Contrary to early reports, Flash content will be viewable in the Metro-style version of Internet Explorer 10, but only if it meets Microsoft's compatibility guidelines. In addition to constraining the design of Flash content, those guidelines also exclude certain Flash APIs, including access to cameras, microphones, and printing.

Because of this, Schuh says, the Metro version of Chrome will be "the only way to use all Flash features on any site in Windows 8 Metro mode."

That excludes Firefox, too. Although Mozilla developers having been working on a similar plugin sandboxing feature, they say they are "not interested in or working on Pepper at this time," meaning Firefox won't be able to share Google's PPAPI Flash plugin.

Chrome updates are installed automatically and the Flash plugin comes bundled with the browser, so all current Chrome users on Windows should already have the new version of the plugin installed. Linux users have actually had it since the previous stable version of Chrome, and Schuh says a Max OS X version is coming. ®

Bootnote

Oh, and about those rumors of Flash's death? Mark Twain might have had something to say about them. According to a blog post by Google software engineer Carlos Pizano, when the online ad-slinger analyzed data from Chrome users, fully 99.9 per cent had fired up the Flash plugin at least once in the past 28 days.

By comparison, only 58 per cent had used Chrome's PDF viewer, 26 per cent had used Microsoft's Silverlight plugin, 12 per cent had used Java, and just 4 per cent had used Apple QuickTime.

Secure remote control for conventional and virtual desktops

More from The Register

next story
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
Open-source 'love' fairly runneth over at cloud event
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
Chrome 38's new HTML tag support makes fatties FIT and SKINNIER
First browser to protect networks' bandwith using official spec
Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat
Four new patches for open-source crypto libraries
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.