Google Updates Chrome for Flash Risk

Some browsers get updated faster than others, a lot faster.

Google has updated its Chrome 10 browser for the third time this month with the release of Chrome 10.0.648.134 for Windows, Mac, Linux and Chrome Frame.

Chrome 10.0.648.134 is being issued to fix a single issue: it provides an updated Adobe Flash player that fixes a zero-day vulnerability that is already being exploited in the wild.

Google's Chrome browser includes an integrated Flash player, which is something that no other browser vendor provides. Additionally, Chrome is getting the Adobe Flash fix even before Adobe issues a public fix for all users.

Adobe issued a security advisory earlier this week, warning of a critical vulnerability in Flash Player and earlier versions.

"This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe warned in its advisory. "There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment."

Though Adobe has not yet provided its own public patch, there is a mitigation. Adobe noted that users of Adobe Reader X benefit from a Protected Mode sandbox which would mitigate the risk. Adobe isn't planning on providing a public update to Flash Player 10.x until the week of March 21st.

This isn't the first time that Google has updated its browser ahead of every other vendor. The Chrome 10.0.648.133 update issued earlier this week provided a fix for a security flaw first reported against RIM's Blackberry mobile platform. RIM has yet to provide its own update and instead is advising Blackberry users not to use JavaScript.

The Chrome 10 browser first debuted at the beginning of March, fixing 25 security-related issues.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.