That's perfect, and attempting to go back to a page that loads Acrobat's PDF plugin fails - which is what I expect now. Thanks!
On Thu, Dec 18, 2008 at 10:28, Nicolas Sylvain <[email protected]>wrote: > You can use the command line --safe-plugins . It will put all the plugins > in the sandbox. Some of them will break. > You can also add some exceptions for the plugins you want to run outside > the sandbox (because they don't work in the sandbox and you "trust" them). > > For example, my command line looks like : > > --safe-plugins > --trusted-plugins=nppdf32.dll,npdsplay.dll,activex-shim,gears.dll > > If you find bugs with plugins, feel free to file bugs (and cc me if you > can), but since this is not supported yet, we might not get to them really > fast. > > Nicolas > > > > On Thu, Dec 18, 2008 at 7:45 AM, Cameron King <[email protected]>wrote: > >> So does anyone know of a way to disable plugins that aren't completely >> safe? >> >> >> On Fri, Dec 12, 2008 at 18:46, Cameron King <[email protected]>wrote: >> >>> This past week, a co-worker and I both got bitten by a PDF that loaded >>> in the browser using Adobe's plugin and carried a payload of two >>> executables files. Both Firefox and Chrome (with the help of Adobe's >>> plugin) let the malicious files execute. (It's a blood-chilling, >>> power-strip-kicking sort of feeling to see two malicious exe's running >>> as children under your browser in Task Manager...) >>> >>> In the past, I've always used Firefox+NoScript (among other plugins) >>> as a first line of defense against this sort of thing, but I switched >>> to Chrome when it first came out. Really, if I wanted to play with >>> Chrome I should have been running it in a VM... but what can I say? I >>> got excited... and lazy. >>> >>> I know that plugins can be sandboxed if they are "Chromified," but >>> it's my understanding that sandboxable plugins are few and far between >>> right now and that most plugins run outside the sandbox just like they >>> would in IE or Firefox. Is there any way to completely disable >>> support for non-sandboxed plugins until something like NoScript comes >>> along for Chrome? >>> >>> (Also, I'm having a hard time finding detailed information on how >>> Chrome manages security, so I apologize in advance if I've used the >>> wrong terminology. Is jail the right term instead?) >>> >>> -- >>> Cameron >>> >>> >> >> >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/chromium-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
