Friday, July 16, 2010

SecBrowsing becoming an official part of Chrome

Last month the Chrome team announced a number of security features regarding plug-ins, including the integration of the SecBrowsing features in the browser.  Here's the relevant snippet from the blog post (http://blog.chromium.org/2010/06/improving-plug-in-security.html): 
Protection from out-of-date plug-ins: Medium-term, Google Chrome will start refusing to run certain out-of-date plug-ins (and help the user update).
The blog post enumerates all the current and upcoming security features in Chrome regarding plugins: 
  • More powerful plug-in controls
  • Autoupdate for Adobe Flash Player
  • Integrated, sandboxed PDF viewing
  • Protection from out-of-date plug-ins
  • Warning before running infrequently used plug-ins
  • A next generation plug-in API
As of Chrome v6.0.466.0 (developer channel as of July 15, 2010), SecBrowsing is partly integrated in Chrome. In "about:plugins", any plugins missing security updates are shown with a warning and a link to get the latest version. There is no active warning anywhere yet, but that's definitely coming up soon.