Establishing Digital Trust: Don't Sacrifice Security for Convenience
Some browsers get updated faster than others, a lot faster.
Google has updated its Chrome 10 browser for the third time this month with the release of Chrome 10.0.648.134 for Windows, Mac, Linux and Chrome Frame.
Chrome 10.0.648.134 is being issued to fix a single issue. Chrome 10.0.648.134 provides an updated Adobe Flash player that fixes a zero day vulnerability that is already being exploited in the wild.
Google's Chrome browser includes an integrated Flash player, which is something that no other browser vendor provides. Additionally Chrome is getting the Adobe Flash fix before even Adobe issues a public fix for all users.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Adobe issued a security advisory earlier this week, warning of a critical vulnerability in Flash Player 10.2.152.33 and earlier versions.
"This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe warnedin its advisory. "There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment."
Though Adobe has not yet provided its own public patch yet, there is a mitigation. Adobe noted that users of Adobe Reader X benefit from a Protected Mode sandbox which would mitigate the risk. Adobe isn't planning on providing a public update to Flash Player 10.x until the week of March 21st.
The Chrome 10 browserfirst debuted at the beginning of March, fixing 25 security related issues.
Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.