Google Chrome protecting users from "plug-in exploits"

To better protect Google Chrome users from the threat of plug-in exploits, Google've announced a couple of initiatives:Chrome now has ability to disable individual plug-ins (about:plugins) or to operate in a "domain whitelist" mode whereby only trusted domains are permitted to load plug-ins (Options->Content Settings->Plug-ins).By including Adobe Flash Player -- we can re-use Chrome's autoupdate […]

To better protect Google Chrome users from the threat of plug-in exploits, Google've announced a couple of initiatives:

  • Chrome now has ability to disable individual plug-ins (about:plugins) or to operate in a "domain whitelist" mode whereby only trusted domains are permitted to load plug-ins (Options->Content Settings->Plug-ins).
  • By including Adobe Flash Player -- we can re-use Chrome's autoupdate strategy and minimize the window of risk for patched vulnerabilities.
  • Integrated, sandboxed PDF viewing. This'll make it harder for PDF-based vulnerabilities to result in persistent installation of malware.
  • Protection from out-of-date plug-ins feature will start refusing to run certain out-of-date plug-ins.
  • Warning before running infrequently used plug-ins. For most users, any attempt to instantiate such a plug-in is suspicious and Google Chrome will warn on this condition.
  • "Pepper" next generation plug-in API makes it easier to sandbox plug-ins.

[Source]