The Year of the Sandbox isn’t Over Yet!

Peleus here. It may be December, but we still have time to squeeze one more sandbox into what some security people have referred to as “the year of the sandbox.” We recently posted a number of blogs describing the design and testing that went into the Adobe Reader X sandbox. So, what about Adobe Flash Player? Flash Player already supports Protected Mode in Internet Explorer on Windows 7 and Windows Vista, which runs Internet Explorer and Flash Player in a low integrity process. However, this only helps a subset of Windows users.

To further extend our sandboxing efforts, Adobe has been working with Carlos Pizano and the Google Chrome team on a prototype sandbox for Flash Player within the Chrome browser. Today, the Chrome team published a brief introduction to the effort on the Google Chrome blog. The associated Chrome and Flash Player builds have been published on the Chrome developer and canary channels.

We have enabled sandboxing support within Chrome’s integrated version of Flash Player (gcswf32.dll). For initial testing, the sandboxing code currently supports Windows XP, Windows Vista and Windows 7. There are plans to make this available for all OS platforms once we are further along in testing and development. For Windows operating systems that support UAC, the sandbox allows Flash Player to run as a low integrity process.

Over the next few months, we will be testing and receiving feedback on this project. Since this is a distinctly different sandboxing code base from Internet Explorer, we are essentially starting from scratch. Therefore, we still have a few bugs that we are working through. We hope that we can use this experience as a platform for discussing sandbox approaches with the other browser vendors.

The Flash Player team and the Adobe Secure Software Engineering Team (ASSET) are excited to explore this area as an additional defense for protecting our end users. In addition to sandboxes, we are moving forward in parallel with other Flash Player defenses, such as JIT spraying mitigations. I plan to discuss some of those features in a future blog post. In the meantime, please check out the Google Chrome blog, and if you are a Chrome user, please help us test this new approach! Thanks to Carlos Pizano and the Google Chrome team for all their assistance in helping drive this project!