This past week, a co-worker and I both got bitten by a PDF that loaded in the browser using Adobe's plugin and carried a payload of two executables files. Both Firefox and Chrome (with the help of Adobe's plugin) let the malicious files execute. (It's a blood-chilling, power-strip-kicking sort of feeling to see two malicious exe's running as children under your browser in Task Manager...)
In the past, I've always used Firefox+NoScript (among other plugins) as a first line of defense against this sort of thing, but I switched to Chrome when it first came out. Really, if I wanted to play with Chrome I should have been running it in a VM... but what can I say? I got excited... and lazy. I know that plugins can be sandboxed if they are "Chromified," but it's my understanding that sandboxable plugins are few and far between right now and that most plugins run outside the sandbox just like they would in IE or Firefox. Is there any way to completely disable support for non-sandboxed plugins until something like NoScript comes along for Chrome? (Also, I'm having a hard time finding detailed information on how Chrome manages security, so I apologize in advance if I've used the wrong terminology. Is jail the right term instead?) -- Cameron --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/chromium-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
