It seems like the plugins in Chrome are not in a sandbox "One additional, important area that is not covered by the sandbox are plugins like Flash. Restricting what plugins can do does not fit well with what users expect, which makes plugins a major vector for attack. Langley said that the plugin support on Linux is relatively new, but "our experience on Windows is that, in order for Flash to do all the things that various sites expect it to be able to do, the sandbox has to be so full of holes that it's rather useless". He is currently looking at SELinux as a way to potentially restrict plugins, but, for now, they are wide open. "
Google's Chromium sandbox - http://lwn.net/Articles/347547/ (August 19, 2009) >From design-documents page "It is also possible to run the plugin processes inside a sandbox target, using the --safe-plugins command line." hm On Sat, Sep 5, 2009 at 12:23 PM, BlackHawk <[email protected]> wrote: > doesn't chrome already run any single tab in a sandbox? > > http://dev.chromium.org/developers/design-documents/sandbox > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
