They aren’t sandboxed - except on Chrome, and even that sandbox won’t protect you from everything. If an attacker finds a hole in your browser plug-in, they can generally exploit that hole to gain access to the system. Chrome uses PPAPI, which is designed to provide additional sandboxing - but even it isn’t ideal. Internet Explorer uses ActiveX, which is notorious for its security problems. Firefox still uses the NPAPI plug-in system created for Netscape Navigator. It’s just up to websites to switch over to the in-browser features from those old plug-ins they’re still using.Īnd plug-ins really are old.
Web browsers are becoming ever more capable, and the functions that once required browser plug-ins - various video playback features, video chatting, animations, in-browser games, and more - are now built into modern browsers. RELATED: How to Protect Yourself from All These Adobe Flash 0-Day Security Holes
