In association with heise online

29 June 2010, 13:24

Google integrates safe PDF viewer in Chrome

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Google Chrome Logo In the developer version of its Chrome web browser, Google has integrated its first PDF viewer, which makes Adobe's Reader plug-in superfluous and is designed to provide better security. Because the PDF viewer runs in a sandbox, security flaws are not expected to immediately compromise the entire system, which they can do with Adobe's plug-in. In addition, the viewer will always be updated along with Chrome. Because Chrome is automatically updated in the background, users do not have to fiddle around with manual updates.

Adobe has also integrated such "silent updates" in Reader, but a large number of vulnerable installations remain in use. Incidentally, a security update for Reader and Acrobat is expected to be released tonight to close a number of critical security holes.

Zoom You can use the same browser shortcuts to navigate in a PDF.
Using the default settings, the Chrome PDF Viewer is disabled and has to be enabled under about:plugins. When you then launch a PDF document, it opens up in a new tab, where you can also zoom and search. Google says the new viewer does not yet support all of the extended functions of Adobe reader, such as embedded media files. In addition, Google has only integrated the PDF viewer in the Windows and Mac versions of Chrome. There is no support for Linux at the moment, though it is expected to be made available via the developer channel in the next few weeks. The integrated plug-in can already be enabled under Linux, but Chrome merely reported a "missing plug-in" in a test conducted by The H's associates at heise Security.

At the beginning of May, antivirus vendor F-Secure wrote an open letter to Microsoft asking the firm to publish a simple PDF viewer. The reason for this request was the constant stream of new security flaws in Adobe Reader, many of which are the result of additional options that are not even needed to simply view a document, such as the /launch function, JavaScript support, and the ability to playback audio and video files. Google has now taken care of the matter itself.

Google is also working on an improved plug-in API (Pepper) that will make it easier for plug-ins to run within a sandbox. Future versions of Chrome will refuse to load outdated plug-ins and warn users when they visit a website for a rarely used plug-in. Already, individual plug-ins can be disabled without having to relaunch the browser.

Because Chrome already contains the Flash Player when downloaded, Google's browser could become popular among users from the point of view of security – and speed. According to StatCounter, Chrome has already overtaken Apple’s Safari in the US, where 8.97% of users surf with Chrome, compared to 8.88% with Safari.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit