So does anyone know of a way to disable plugins that aren't completely safe?
On Fri, Dec 12, 2008 at 18:46, Cameron King <[email protected]> wrote: > This past week, a co-worker and I both got bitten by a PDF that loaded > in the browser using Adobe's plugin and carried a payload of two > executables files. Both Firefox and Chrome (with the help of Adobe's > plugin) let the malicious files execute. (It's a blood-chilling, > power-strip-kicking sort of feeling to see two malicious exe's running > as children under your browser in Task Manager...) > > In the past, I've always used Firefox+NoScript (among other plugins) > as a first line of defense against this sort of thing, but I switched > to Chrome when it first came out. Really, if I wanted to play with > Chrome I should have been running it in a VM... but what can I say? I > got excited... and lazy. > > I know that plugins can be sandboxed if they are "Chromified," but > it's my understanding that sandboxable plugins are few and far between > right now and that most plugins run outside the sandbox just like they > would in IE or Firefox. Is there any way to completely disable > support for non-sandboxed plugins until something like NoScript comes > along for Chrome? > > (Also, I'm having a hard time finding detailed information on how > Chrome manages security, so I apologize in advance if I've used the > wrong terminology. Is jail the right term instead?) > > -- > Cameron > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/chromium-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
