Google Updates Chrome for Security and Adobe Flash
In the second update of the month, the newly released stable edition of Google's browser patches security vulnerabilities while throwing in Flash integration, to boot.
Google is updating the stable version of its Chrome browser on Linux, Mac and Windows for the second time this month. Chrome 5.0.375.86 provides fixes for at least five security issues, three of which are rated by Google as high impact.
In addition to the security fixes, Chrome 5.0.375.86 is the first version of the stable build of Chrome to directly integrate Adobe's Flash as part of the browser. Google has been testing the Flash integration in developer builds of Chrome since May.
Among the three high-severity vulnerabilities fixed in Chrome 5.0.375.86 is an x.509 security certificate flaw. Google credited Rodrigo Marcos of security research firm Secforce with reporting the x.509 vulnerability, the only flaw in the update for which Google awarded a cash reward. Google earlier this year began offering rewards -- in Marcos's case, $500 -- as part of Google's Chromium Security Award effort.
The other two high-severity flaws in the Chrome update are both credited to Google's own security team. One of the flaws is a memory error in how Chrome handles video while the other is a flaw with the Chrome "omnibox" address bar.
Chrome 5.0.375.86 also tackles several medium-security vulnerabilities, include an additional video-handling memory flaw, as well as a Cross-Site Scripting (XSS) issue that has now been addressed.
The six flaws fixed in the Chrome 5.0.375.86 update come on the heels of the 11 security vulnerabilities addressed in the previous Chrome 5.0.375.70 stable update earlier this month. Chrome 5 itself as a stable release is now only a month old, having been first released at the end of May.
At the time of the first Chrome 5 stable release, Google also said that it planned to include Flash integration once Adobe released Flash Player 10.1, which became available earlier this week.
As a result, Chrome now includes an integrated Flash Player, with which Google further differentiates itself from rivals including Mozilla Firefox, Microsoft Internet Explorer and Apple Safari, none of which directly integrate Flash. Instead, those rival browsers require separate downloads and plugins, and in some cases, their own approaches to updating the software: Mozilla's approach for ensuring Flash is up-to-date involves a plugin checker that identifies if the plugin needs to be updated by the user.
Moving forward, Google is planning on directly integrating other Adobe technologies into Chrome, as well. Last week, Google began testing an integrated PDF viewer in the developer version of Chrome.