08 April 2010

Chrome’s silent update extending to Flash

Last week, one of the news circulating on the Internet reported that  is working with Adobe on improved integration with Flash and PDF, going as far as bundling these plug-ins in the standard install process of the browser. At first I was not impressed with the news. I’ve never been a fan of such bundles, because I prefer to decide for myself whether to install something or not. Not to mention the Flash and Adobe Reader plug-ins are shared between several browsers on Windows, which could lead to conflicts and having multiple versions of the same files on your computer. I can see how this could have advantages for mobile devices like a Chrome OS tablet or netbook: Flash would be already included in the operating system, enabling people to start using the device sooner. It would be both a marketing advantage compared to the forever Flash-less iPad and a genuine long-term bonus for users, because web-surfing would be closer to the desktop experience.

But later I heard the second half of the story and the idea suddenly made a lot more sense: for the internal Flash plug-in, users will also automatically receive updates Player using Google Chrome’s auto-update mechanism. Basically, Flash will behave like any other Chrome component, isolated in the sandbox and updated silently as soon as a new version is launched. The feature, still under development, is gradually rolled out in the dev channel and you also need to use (yet another!) command line flag to enable the internal Flash support, but I would say Chrome is on the right track to reduce the security problems from plug-ins and Flash in particular.

It will be interesting to see if and how Mozilla will react to this “partnership”. The blog post mentions them as partners in the development of a new, improved browser plug-in API. Mozilla also launched a somewhat similar initiative in Firefox, a built-in mechanism that checks if there are new plug-in versions available. But here the user can still postpone the update, making the browser vulnerable to possible security flaws of the plug-in. Even though the silent update offers better security, Mozilla has opted until now to preserve the user choice and I don’t see them changing that policy anytime soon. In this case, when security is concerned, I prefer Chrome’s approach and I think this bold decisions will help the browser gain more market share and mainstream adoption.Firefox plugin check page


  1. I'm a huge Chrome fan but I don't know much about what's going on behind the scenes. You have given me some insights and a better understanding. Thanks!