To better protect Google Chrome users from the threat of plug-in exploits, Google've announced a couple of initiatives:
- Chrome now has ability to disable individual plug-ins (about:plugins) or to operate in a "domain whitelist" mode whereby only trusted domains are permitted to load plug-ins (Options->Content Settings->Plug-ins).
- By including Adobe Flash Player -- we can re-use Chrome's autoupdate strategy and minimize the window of risk for patched vulnerabilities.
- Integrated, sandboxed PDF viewing. This'll make it harder for PDF-based vulnerabilities to result in persistent installation of malware.
- Protection from out-of-date plug-ins feature will start refusing to run certain out-of-date plug-ins.
- Warning before running infrequently used plug-ins. For most users, any attempt to instantiate such a plug-in is suspicious and Google Chrome will warn on this condition.
- "Pepper" next generation plug-in API makes it easier to sandbox plug-ins.