To appreciate just what a big step forward this is, it helps to understand a bit more about the history and architecture of NPAPI plug-ins. At its core, NPAPI is a thin layer of glue between the web browser and a native application. In the early days of the Web this provided a tremendous advantage, because it allowed third-party plug-ins to evolve rapidly and implement new capabilities, moving the whole web forward.
Unfortunately, as the web evolved, the past benefits of NPAPI became liabilities. The thinness allowed legacy browser and OS behavior to bleed through and crystallize to the point that it hamstrung future improvements. As browsers add compelling features like sandboxing, GPU acceleration, and a multi-process architecture, the legacy of NPAPI severely impedes or outright prevents us from extending those improvements to any pages with plug-in content.
By porting Flash to PPAPI we’ve been able to achieve what was previously impossible with NPAPI for the 99.9% of Chrome users that rely on Flash. Windows Flash is now inside a sandbox that’s as strong as Chrome’s native sandbox, and dramatically more robust than anything else available. And for the first time ever, Windows XP users (specifically, over 100 million Chrome users) have a sandboxed Flash—which is critical given the absence of OS support for security features like ASLR and integrity levels.
Beyond the security benefits, PPAPI has allowed us to move plug-ins forward in numerous other ways. By eliminating the complexity and legacy code associated with NPAPI, we’ve reduced Flash crashes by about 20%. We can also composite Flash content on the GPU, allowing faster rendering and smooth scrolling (with more improvements to come). And because PPAPI doesn’t let the OS bleed through, it’s the only way to use all Flash features on any site in Windows 8 Metro mode.
Moving forward, we’re finishing off the PPAPI Flash port for Mac OS X and hope to ship it soon. And Linux users have already been benefiting from PPAPI Flash since Chrome 20, along with Chrome OS users who have been running it for almost a year. Soon all Chrome users will have access to the improved security, stability, and performance of PPAPI Flash.
Posted by Justin Schuh, Software Engineer and Boring Security Guy
DIGITAL JUICE
No comments:
Post a Comment
Thank's!