Mitigate Adobe Reader Vulnerabilities with Google Chrome PDF Viewer

August 13, 2010 1 Comment

Adobe Reader has a growing list of exploits and a current unpatched vulnerability. The crux of the problem is that PDF documents are not simply documents. PDFs can contain arbitrary code in the form of Javascript or Flash as Adobe Reader embeds a full Javascript runtime and a private Flash runtime environment. Javascript can be disabled via the options but the Flash engine cannot be disabled via the GUI.

An interesting development is that Google Chrome 6.x includes its own PDF rendering plugin. This plugin converts PDF to HTML5 and renders it with the webkit engine. It is very fast and a fundamentally different approach from Adobe Reader. Commodity attacks on Adobe Reader should not be effective on Chrome.

The Chrome Beta channel includes the Chrome PDF viewer plug-in but it is disabled by default. Go to the about:plugins page to enable it. You can also disable the Adobe Reader plug-in while you are at it.

chrome-pdf

Advertisement

Filed under Uncategorized Tagged with , , , , ,

One Response to Mitigate Adobe Reader Vulnerabilities with Google Chrome PDF Viewer

  1. Ambrose Viccars says:
    September 15, 2010 at 9:13 pm

    Online PDF And PowerPoint And Document Reader hxxp://onlineviewer.[us]

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: