Consider Site Isolation for Flash
Project Member Reported by firstname.lastname@example.org, Feb 25
Currently, Flash content for all sites/origins runs in a single Pepper Flash process. It might be a good idea to isolate Flash per site, if feasible.
Seems related to issue 809614 and tsepez's work in https://chromium-review.googlesource.com/c/chromium/src/+/915182? I know jschuh@ had some thoughts on this as well.
From looking into it eons ago, my recollection is that it's in general hard to do, because of a few things (from memory):

1. Flash accesses shared resources (e.g. file system) without explicit locks (just relies on locking inside the Flash process).
2. It also has a cross-instance communication mechanism that isn't strictly isolated by origin (https://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/LocalConnection.html). IIRC in Pepper Flash it's implemented via a fully in-process mechanism, which would need to evolve to cross-process.
3. Somewhat tangentially, for better or worse, Flash's network access policy is not same-origin policy + CORS, but their own mechanism. It's not necessarily a deal breaker to isolate plugin processes, but it would limit the upside.

Not sure whether or not it's possible to break #2 nowadays. I suspect #3 is likely to be needed.
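Added illustration of point 3 in the comment above; this is not code from this bug, from Chromium, or from Adobe. It assumes the "own mechanism" referred to is Flash Player's crossdomain.xml policy file, which the plugin fetches from the target host and evaluates by domain pattern, and sets that next to the browser-side CORS check that compares the response's Access-Control-Allow-Origin header with the exact requesting origin. The policy file, header values and origins below are constructed for the example.

```python
"""Flash-style crossdomain.xml decision vs. a CORS decision (added example).

Assumption: the comment's "own mechanism" is the crossdomain.xml policy file.
Only the <allow-access-from> element is modelled; the sample policy and the
origins used in demo() are constructed, not taken from any real site.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed policy, as the *target* host would publish it at /crossdomain.xml.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*.partner.example" />
  <allow-access-from domain="app.example" secure="true" />
</cross-domain-policy>
"""


def parse_policy(xml_text):
    """Return [(domain_pattern, secure_flag), ...] from a crossdomain.xml body."""
    root = ET.fromstring(xml_text)
    rules = []
    for el in root.findall("allow-access-from"):
        secure = el.get("secure", "true").strip().lower() == "true"
        rules.append((el.get("domain", ""), secure))
    return rules


def _domain_matches(host, pattern):
    # Flash patterns are host-only: no scheme, no port. "*.x.example" covers
    # the subdomains and (per the Adobe policy-file spec) the bare x.example.
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host == pattern[2:] or host.endswith(pattern[1:])
    return host == pattern


def flash_allows(rules, requesting_origin, target_is_https):
    """The target host's policy decides, matching the requester's host only.

    secure="true" (the default) on a policy served over https refuses
    requesters that are not themselves https.
    """
    o = urlparse(requesting_origin)
    host = o.hostname or ""
    for pattern, secure in rules:
        if not _domain_matches(host, pattern):
            continue
        if target_is_https and secure and o.scheme != "https":
            continue
        return True
    return False


def cors_allows(acao_header, requesting_origin):
    """Browser-side CORS: header must be '*' or equal the full origin string
    (scheme, host and port), so two subdomains are two distinct decisions."""
    if acao_header is None:
        return False
    return acao_header == "*" or acao_header == requesting_origin


def demo():
    """Evaluate the same constructed origins under both mechanisms."""
    rules = parse_policy(SAMPLE_POLICY)
    acao = "https://x.partner.example"  # constructed header from the target
    origins = [
        "https://x.partner.example",
        "https://y.partner.example",   # covered by the Flash wildcard only
        "https://partner.example",     # bare domain, covered by "*.partner.example"
        "http://x.partner.example",    # http requester against an https target
        "https://other.example",
    ]
    return {o: (flash_allows(rules, o, True), cors_allows(acao, o)) for o in origins}


if __name__ == "__main__":
    for origin, (flash_ok, cors_ok) in demo().items():
        print(f"{origin:30} flash={flash_ok!s:5} cors={cors_ok}")
```

The contrast is the point: the CORS answer is a per-origin decision carried in the response the browser already has, while the Flash answer is a per-host-pattern grant fetched from the target, so a plugin process isolated per site would still be making network decisions on a different granularity than the rest of the renderer.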