In association with heise online

27 April 2011, 15:40

Google adds Flash cookie protection to Chrome

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Chrome Logo Google has announced that this week's Chrome developer channel (also known as the Dev channel) build, version 12.0.742.9, of its WebKit-based web browser now allows users to more than just delete cookies; they can now delete Adobe Flash Player Local Shared Objects (LSO), also known as "Flash cookies". Typically, unlike browser cookies, these Flash cookies cannot simply be disabled or deleted via browser settings.

In Chrome 12.0.742.9, users can now delete local plug-in storage data, including Flash LSOs, from directly within the browser by clicking Wrench > Tools > Clear browsing data and selecting "Delete cookies and other site and plug-in data" – alternatively, users can type chrome://settings/clearBrowserData into the browser's URL bar. Furthermore, users can configure Chrome to automatically clear plug-in data when they close their browser via content settings.

Google says that, according to its knowledge, "Adobe Flash Player is currently the only NPAPI plug-in which has implemented support for the NPAPI ClearSiteData API, but we hope other plug-ins will follow suit," adding that, "We believe providing control over plug-in data directly in the browser creates a better experience for both users and website developers".

Zoom Users can access the Clear Browsing Data menu by clicking Wrench > Tools > Clear browsing data.
Source: Google
At the beginning of the year, Adobe said that it intended to make it easier to delete Flash cookies from web browsers via a new API. That new API, NPAPI:ClearSiteData, is the brainchild of Mozilla, Google, Apple and Adobe. It allows Flash cookies to be deleted directly in the browser's settings without having to visit, say, the Settings Manager on the Adobe web site or manually delete the cookies in the operating system's file system. The API also allows any data collected by plug-ins to be deleted as well, provided that the plug-in supports the process. This API has been implemented in Flash Player 10.3.

Google has used Adobe's Flash plug-in as the default in Chrome since version 5.0.375.86. The motivation was to ensure that users always have the latest Flash Player version when they download Chrome – the browser automatically downloads the latest version in the background without requiring any user interaction. As Chrome includes the Flash plug-in, it's often updated to protect against security vulnerabilities before Adobe is able to ship an update for its products. Adobe says that Google can implement the changes faster because it doesn't have to test as many scenarios and combinations as Adobe does before a new version completes quality assurance testing.

In recent weeks, Google has also added other security features into its Chrome Dev channel, such as the ability to block hazardous .exe files in the Windows version of the browser.

Further information about Chrome 12.0.742.9 and Adobe Flash Player’s local storage can be found in a post on the Chromium Blog by Google Software Engineer Bernhard Bauer. Aimed at developers and early adopters and not recommended for production use, users can download the latest Dev channel version of Chrome for Windows, Mac OS X and Linux from Alternatively, current Dev channel users can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit