PDF.js For Chrome – It Works!

edit: Now available on the Chrome Web Store: (use this! not the one I link later from Opera)

https://chrome.google.com/webstore/detail/pdf-viewer/oemmndcbldboiebfnladdacbdfmadadm?utm_source=chrome-ntp-icon

So Opera recently came out with a PDF.js extension for their latest Blink build of the browser. I kinda thought, hey, Opera and Chrome aren’t all that different anymore… maybe it’ll work? So I downloaded the file from:

https://addons.opera.com/en/extensions/details/pdf-viewer/

And I got a pdf-viewer-0.8.169-1.nex and I changed the file extension to pdf-viewer-0.8.169-1.crx. 

I then launched Chrome with the command flag –easy-off-store-extension-install and opened up chrome://extensions. I dragged the .crx file onto the page, and voila – it installed!

So then I opened up the first PDF I found on Google and…

PDFjschromeSuccess! PDF.js now works in Chrome, with just a little bit of work. The extension almost certainly won’t autoupdate, though perhaps it will. No idea. But there you have it.

One of the benefits of PDF.js is that your entire PDF “program” is implemented in Javascript. Chrome runs Javascript in an incredibly tight sandbox in its renderer, so attacks using PDFs will be restricted to that sandbox.

So there you have it. Chrome now has PDF.js, and it’s available on Firefox and Opera as well. For more on PDF.js in Chrome, see my earlier post.

 

7 thoughts on “PDF.js For Chrome – It Works!

  1. Hi,

    Don’t you think opening your pdf files in Chromes(or for that matter any browsers inbuilt pdf reader) can be a privacy issue?? It shouldn’t be a problem to open the same pdf file in a sandboxed Adobe reader installed on local system.

    What do you think ?

    • I suppose if you run your PDF Reader in a separate account with no internet access that would be a benefit. But I don’t see PDFs themselves as much of a threat to privacy, unless there’s something I’m missing.

  2. Evince (GNOME PDF viewer) is already sandboxed with AppArmor on Ubuntu. You might want to throw in some seccomp filters just to be sure, although I suppose AppArmor already covers most of that via capabilities.
    Chrome has a much tighter sandbox though, so I understand why you’d want PDF.js instead of Evince.

    • Yes, I could use Evince, which benefits from Apparmor. But I can also Apparmor Chrome, on top of its regular sandbox. That’s pretty significant. Not to mention the amount of work that goes into securing Chrome’s V8, like the bounty programs.

Leave a Reply

Your email address will not be published. Required fields are marked *