Hacker News new | past | comments | ask | show | jobs | submit login

I really hope their security people push back on this (assuming they haven't already trumped security people who had a say in these high level decisions).

Although I didn't read the flash thing as finding a reason to keep it longer?

Edit: removed comment about Chromium, I forgot PDF.js was manually installed :p




Chrome's PDF reader is based off of foxit, which is also C++.


Right, PDFium is the default. I've been using the PDF.js plugin for a while now and disabled the default via chrome://plugins.

Fortunately Chrome stopped supporting Foxit and Adobe PDF plugins with version 45 (released a year ago) when they depreciated NPAPI.

> As of Chrome 45, support for old, insecure NPAPI plugins is permanently removed. I believe Adobe Reader and Foxit Reader both integrate with web browsers through NPAPI plugins. If so, the old NPAPI-based Adobe Reader and Foxit Reader no longer works in Chrome, regardless of whichever version you have installed. http://www.chromium.org/developers/npapi-deprecation

It's interesting that they still expose their own C++ code to remote PDFs which apparently had some servere bugs: http://blog.talosintel.com/2016/06/pdfium.html


Do you have a source for this?


Uh, you can easily see it in the Chrome source itself? Google actually maintains the fork itself here: https://pdfium.googlesource.com/


I meant not the source code, but the claim that it's based on Foxit.


It's also in the source (e.g. FPDF_ prefixes, comments, etc.)

Also https://www.foxitsoftware.com/blog/foxit-pdf-technology-chos... .




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: