Google Silently Patches Flash Vulnerability in Chrome

A vulnerability in Adobe’s Flash Player was recently discovered, and Adobe responded that a patch would be available within a week. The bug is triggered when you open an Excel file that contains an embedded malicious Flash file (Office 2010 is not affected). However, Google Chrome users can rest easy because their Flash Player has already been patched. Here’s why.

First, ‘Silent Updating’. Google Chrome runs a small process in the background at all times checking for updates from Google and silently installing them for use upon the next restart of Chrome. By default, you can only tell that Chrome has updated by looking at the ‘About Google Chrome’ window and comparing the versions. Second, Chrome uses its own Flash Player. Unlike other browsers, which use the Flash Player that is installed as a plugin, Chrome uses its own Flash Player that is built in. Google even gets beta and pre-release versions of the Flash Player, and includes an unreleased version in this case.

Due to reported problems with Flash, Apple quit shipping Flash on the Mac last October. After Chrome 10 extended sandboxing to the integrated Flash Player (it runs as a process separate from the tabs and windows), Chrome is the safest way to use the Flash plugin. In fact, it is relatively easy for Mac users to go Flash-free and use Chrome to play Flash games or video.
