Modernizing Authentication — What It Takes to Transform Secure Access
For as long as there have been Web browsers, there have been debates about which browser is the most secure. In the modern world of Web based attacks, security isn't just about the Web browser, but also about the applications and plugins that a browser uses. That's where Google's Chrome differs from every other major browser vendor.
Chrome includes an integrated Adobe Flash Player. While other vendors including Microsoft IE, Mozilla Firefox and Apple Safari support Flash, it is not directly integrated.
Going a step further, Google has a silent updating mechanism that updates Chrome users to the latest version of the browser as well as the latest version of Flash Player. In some cases, Chrome users may get the Flash update as many as 12 hours ahead of the general availability from Adobe for other browsers.
"We're really excited about the integration of Flash Player and Chrome," Brad Arkin, senior director of Product Security and Privacy at Adobe told InternetNews.com. "It allows people to piggyback on the proven updater that Chrome has and take advantage of it."
Arkin noted that nearly everyone that uses a Web browser has Flash installed. As part of Chrome Flash is updated effortlessly for the user. Security researchers in past years have called out Adobe for the number of out-of-date Flash users. Outside of Chrome, Flash users have typically had to update the plugin themselves.
As to why Chrome gets Flash updates before others even have a chance to update on their own? It's a matter of procedure and risk aversion.
Arkin explained that when they go through the process of building a new version of Flash, there is a rigorous testing process across Windows, Mac and Linux as well as every browser version. In total, Adobe tests for about 60 different browser and operating system combinations.
"As we go through that testing, it might take many hours before we can test and verify on every single platform," Arkin said. "But as soon as we finish the Chrome testing, we can push the binary to the Chrome guys, even though we have testing left to do for other browsers."
Arkin explained that once a new Flash release has gone through all of the required testing, that's when Adobe puts the universal installer up on the Web for people to download. "When we have a new version of Flash to release, particularly if it's an urgent scenario, we don't want to delay getting the binaries out for any user that might be at risk," Arkin said.
When it comes to regularly scheduled patches, Arkin noted they are all made available at the same time for all platforms and browsers. Overall, Adobe is willing to work with other vendors and their update mechanisms to help improve security for everyone.
"We're eager to work to protect our users by leveraging the update mechanism," Arkin said. "So, whether it's something with Microsoft or Mozilla, we're always open to those kind of conversations."