Issue metadata

Status: Untriaged
OS: Linux , Windows , Chrome , Mac
Pri: 3
Type: Feature




Consider Site Isolation for Flash

Project Member Reported by palmer@chromium.org, Feb 25

Issue description

Currently, Flash content for all sites/origins runs in a single Pepper Flash process. It might be a good idea to isolate Flash per site, if feasible.
 
Cc: tsepez@chromium.org jsc...@chromium.org
Seems related to issue 809614 and tsepez's work in https://chromium-review.googlesource.com/c/chromium/src/+/915182? I know jschuh@ had some thoughts on this as well.
Components: Internals>Sandbox>SiteIsolation
Cc: piman@chromium.org
From looking into it eons ago, my recollection is that it's in general hard to do, because of a few things (from memory):
1- Flash accesses shared resources (e.g. file system) without explicit locks (it just relies on locking inside the Flash process).
2- It also has a cross-instance communication mechanism that isn't strictly isolated by origin (https://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/LocalConnection.html). IIRC in Pepper Flash it's implemented via a fully in-process mechanism, which would need to evolve to cross-process.
3- Somewhat tangentially, for better or worse, Flash's network access policy is not same-origin policy + CORS, but their own mechanism. It's not necessarily a deal breaker to isolate plugin processes, but it would limit the upside.

Not sure whether or not it's possible to break #2 nowadays. I suspect #3 is likely to be needed.

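Point 3 above contrasts Flash's network access policy with same-origin policy + CORS. The following is an added example (my own illustration, not code from Chromium, Adobe, or any commenter) that models the two decisions side by side: Flash consults a policy file served by the target host (crossdomain.xml) that grants access to requester domains, wildcards included, for everything that host serves, while CORS is decided per response from the Access-Control-Allow-Origin header. The sample policy and response header are constructed; the wildcard semantics ("*.partner.example" covering the apex and all subdomains) and the handling of secure="true" (requester must be https) are simplifying assumptions, not a full implementation of the Flash policy-file specification.

```python
"""Flash crossdomain.xml grant vs. CORS per-response check (added illustration).

Assumptions (labelled, not from the original thread):
  * "*.partner.example" matches the apex and every subdomain.
  * secure="true" means the requester must be an https origin.
  * The policy is the master policy at /crossdomain.xml; site-control
    is parsed but only reported, not enforced.
"""
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

# Constructed sample policy, as a target host might serve at /crossdomain.xml.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*.partner.example" secure="true"/>
  <allow-access-from domain="legacy.example" secure="false"/>
</cross-domain-policy>
"""

# Constructed sample CORS response header from the same target host.
SAMPLE_CORS_HEADERS = {"Access-Control-Allow-Origin": "https://app.partner.example"}


def parse_policy(xml_text):
    """Return (site_control_value, [(domain_pattern, secure_only), ...])."""
    root = ET.fromstring(xml_text)
    site_control = root.find("site-control")
    permitted = site_control.get("permitted-cross-domain-policies") if site_control is not None else None
    rules = []
    for el in root.findall("allow-access-from"):
        pattern = el.get("domain", "")
        secure_only = el.get("secure", "true").lower() != "false"
        rules.append((pattern, secure_only))
    return permitted, rules


def domain_matches(pattern, host):
    """Flash-style domain match: '*' matches anything; '*.x' matches x and sub.x."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        apex = pattern[2:]
        return host == apex or host.endswith("." + apex)
    return host == pattern


def flash_allows(rules, requester_origin):
    """Target-side grant: any matching allow-access-from rule admits the
    requester for every URL on the host, independent of the response."""
    parsed = urlparse(requester_origin)
    host = parsed.hostname or ""
    requester_https = parsed.scheme == "https"
    for pattern, secure_only in rules:
        if not domain_matches(pattern, host):
            continue
        if secure_only and not requester_https:
            continue
        return True
    return False


def cors_allows(response_headers, requester_origin):
    """Per-response check: the header must name this exact origin or '*'."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    return acao == "*" or acao == requester_origin


def compare(requester_origin):
    """Decide whether requester_origin may read the sample host under each model."""
    _, rules = parse_policy(SAMPLE_POLICY)
    return {
        "flash": flash_allows(rules, requester_origin),
        "cors": cors_allows(SAMPLE_CORS_HEADERS, requester_origin),
    }


if __name__ == "__main__":
    for origin in ("https://app.partner.example", "https://other.partner.example",
                   "http://app.partner.example", "http://legacy.example",
                   "https://evil.example"):
        print(origin, compare(origin))
```

The asymmetry is the point: a CORS decision is made by the browser per fetch and can therefore be enforced at the renderer process boundary, whereas a Flash policy-file grant is issued by the target host for whole domains and lets cross-site bytes flow into whichever process loaded the SWF. A per-site Flash process would still legitimately hold that data, which is one reading of why the comment says isolation "would limit the upside."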