Are NPAPI plugin security issues same as a downloadable app that connects to the internet

Question

I want to build a cross-platform helper app that lets my users scan the desktop filesystem and find/upload the original, hi-res version of a JPG image they have previously uploaded. The scan may try to match by filename, EXIF data, or by comparing visual attributes using computer vision algorithms.

I read the following and get a little frightened:

Security considerations Including an NPAPI plugin in your extension is dangerous because plugins have unrestricted access to the local machine. If your plugin contains a vulnerability, an attacker might be able to exploit that vulnerability to install malicious software on the user's machine. Instead, avoid including an NPAPI plugin whenever possible.

My other option is to build a download/install native desktop app that runs in the background. But this approach is would also have unrestricted access to the local machine + my servers via the internet.

Both approaches require the user to download/install native code - but the NPAPI plugin has the promise of easier access and a common framework. So are the security issues the same or is one approach generally preferred over another?

Answer 1

Essentially, both plugins and a regular app have the same kind of access - so installing either one requires quite a bit of trust. There is a difference in attack surface however: while an application is normally something that can only be started by the user, a plugin is accessible to every website (restricting access to selected websites is possible but this protection itself can fail). Also, if you want to package an NPAPI plugin in a Chrome extension you have to consider that Chrome Web Store requires manual review before accepting such extensions (and distributing extensions from your own site is pretty hopeless with the changes made in Chrome 21). But it can potentially provide a better user experience. All in all: not an easy choice to make.