Flash movie only renders in Chrome, not WebBrowser control?

Question

I'm getting an output message (Vector smash protection is enabled) in the debugging output window (Visual Studio) when I navigate to this URL with a WebBrowser.

The URL redirects to an embedded video player from Dailymotion. It should look like this :

But it looks like this :

What this message means? Why do I have a black screen (the video isn't shown)? How to fix it?

Edit : You can see all the code in the last screenshot...

Answer 1

You can deal with this problem using the chrome options and creating a desired capabilities but first of all you need to consider:

1: the value you should to put in 'user-data-dir' is the same you can find out in the route chrome://version/ in Google Chrome. Let me explain that with a picture (at the end of this answer).

ChromeOptions options = new ChromeOptions();
DesiredCapabilities capabilities = DesiredCapabilities.chrome();
options.addArguments("user-data-dir=/Users/YourUser/Library/Application Support/Google/Chrome/Profile 1");
capabilities.setCapability(ChromeOptions.CAPABILITY, options);

​And afterward you need to add this options to your Driver:

driver = new ChromeDriver(capabilities);

So, this is the best way to make request to a page that has Vector smash protection enabled.

Answer 2

The message "Vector smash protection is enabled." is emitted by Flash.ocx (you can find it in the DLL). It's likely related to this security mitigation: http://googleprojectzero.blogspot.com/2015/07/significant-flash-exploit-mitigations_16.html

Answer 3

I noticed something similar myself.
I got the following when installing python webbrowser:

Vector smash protection is enabled.
java version "1.7.0_79"
OpenJDK Runtime Environment (IcedTea 2.5.6) (7u79-2.5.6-0ubuntu1.14.04.1)
OpenJDK 64-Bit Server VM (build 24.79-b02, mixed mode)

I am convinced that it is to prevent a type of denial of service attack, just released in Java 1.7, with no fanfare.
see:
http://docs.oracle.com/javase/7/docs/api/java/util/Vector.html
and
http://www.oracle.com/technetwork/java/seccodeguide-139067.html

Edit 1:

As my issue was coming from the pdf viewer atril, I approached the writers of the program and they have informed me that the Vector smash protection is enabled message is being issued by Webkit. Atril added a new epub backend to their code and it uses Webkit.
A cursory search suggests that it is a defence against a stack smash or heap spraying attack, although don't hold me to it.
The reason that this message seems to be popping up across browsers, viewers and indeed operating systems, appears to be directly related to how many programs now use webkit under the hood, as it were.
Here are 2 lists of code making use of webkit:

http://trac.webkit.org/wiki/ApplicationsGtk
http://trac.webkit.org/wiki/Applications%20using%20WebKit

As usual, if in doubt, your own research may prove more effective than mine but I for one am much happier about the message, now that I know what it is.
Should I come across anything else germane, I'll edit this post.

Answer 4

Sorry but I can't spent time but the following was printed on my bash terminal.

Vector smash protection is enabled.
Failed to open VDPAU backend libvdpau_va_gl.so: cannot open shared object file: No such file or directory
Failed to open VDPAU backend libvdpau_va_gl.so: cannot open shared object file: No such file or directory
Failed to open VDPAU backend libvdpau_va_gl.so: cannot open shared object file: No such file or directory
...