We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Google Chrome won't run outdated plug-ins

Google implements Firefox security feature

Google has tweaked its Chrome browser so it won't run outdated plug-ins in a bid to improve safety for web users.

In a post to the Chromium blog, a trio of Google security engineers announced that Chrome would refuse to run plug-ins if they were found to be out of date, and thus, potentially vulnerable to exploitation of known bugs.

Chromium is the name of the open-source development project that feeds into the Chrome browser.

Google did not spell out when the outdated plug-in blocking would be added to Chrome, saying only that it would take place "medium-term".

Nor did the Google engineers specify which plug-ins would be blocked. Chrome will assist users in updating old plug-ins, they said.

Chrome will also display a warning when a site calls on an infrequently-used plug-in, said Chris Evans, Julien Tinnes and Michal Zalewski of Google's security team.

"Some plug-ins are widely installed but typically not required for today's internet experience," they said.

"For most users, any attempt to instantiate such a plug-in is suspicious and Google Chrome will warn on this condition."

Evans, Tinnes and Zalewski did not elaborate on how Chrome would define "infrequently-used".

Google did not reply to requests for clarification and more information on the timeline of the impending changes to Chrome.

Chrome is following in the footsteps of Mozilla's Firefox, which already has outdated plug-in blocking.

Mozilla added basic plug-in checking to Firefox 3.5 last September, but fleshed out the feature in Firefox 3.6, which debuted in January.

The newest Firefox checks browser plug-ins, such as Adobe's Flash Player or Apple 's QuickTime, to make sure they're up-to-date, then blocks vulnerable plug-ins from loading and shows users how to update the software.

Both Mozilla and Google have said their new features are a reaction to the rapidly-increasing number of attacks against vulnerable plug-ins, especially Adobe's Flash Player and Reader.

According to some estimates, attacks against browser plug-ins, particularly Adobe's popular Reader PDF viewer, are quickly climbing.

In the first quarter of 2010, antivirus vendor McAfee said in April, PDF exploits accounted for 28 percent of all malware-bearing attack code .

In other security arenas, Chrome is already ahead of Firefox. Google's browser, for instance, now automatically updates Adobe's Flash Player behind the scenes.

And two weeks ago, Google added an integrated PDF viewer to the 'developer' build of Chrome for Windows and Mac.

Chrome accounted for 7 percent of all browsers used last month, according to the most recent data from web metrics company Net Applications. Meanwhile, Firefox owned a 24 percent usage share in May.

See also: Mozilla & Apple make browsers more stable


IDG UK Sites

Nexus 6 vs Samsung Galaxy Note 4 comparison: What's the best Android phablet?

IDG UK Sites

The iPhone is doomed. Doomed to be marginally less successful than a very successful thing.

IDG UK Sites

How to prototype native mobile apps without writing code

IDG UK Sites

How to prepare for and update to OS X Yosemite: Get your Mac ready to download & install Apple's...