
Issue metadata

Status: Untriaged
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 3
Type: Feature


Consider Site Isolation for Flash

Project Member Reported by, Feb 25

Issue description

Currently, Flash content for all sites/origins runs in a single Pepper Flash process. It might be a good idea to isolate Flash per site, if feasible.
Seems related to issue 809614 and tsepez's work in I know jschuh@ had some thoughts on this as well.
Components: Internals>Sandbox>SiteIsolation
From looking into it eons ago, my recollection is that it's in general hard to do, because of a few things (from memory):
1- Flash accesses shared resources (e.g. the file system) without explicit locks (it just relies on locking inside the Flash process).
2- It also has a cross-instance communication mechanism that isn't strictly isolated by origin (IIRC in Pepper Flash it's implemented via a fully in-process mechanism, which would need to evolve to cross-process).
3- Somewhat tangentially, for better or worse, Flash's network access policy is not same-origin policy + CORS, but their own mechanism. It's not necessarily a deal breaker to isolate plugin processes, but it would limit the upside.

Not sure whether or not it's possible to break #2 nowadays. I suspect #3 is likely to be needed.
