Google has patched an Adobe Flash flaw in its latest Chrome beta and stable channel builds for Windows, Mac and Linux computers.
Google pounced on patching a fresh, zero-day flaw in Adobe's
Flash Player for its Chrome Web browser, updating Chrome
10.0.648.134 stable and beta
channels for Windows, Mac and Linux systems.
Adobe March 14
warned of the critical vulnerability, which affects Flash Player, Adobe Acrobat
and Reader X and can crash computers or allow perpetrators to hijack users' machines.
Upon learning of this flaw, Google March 15 quickly
plugged the hole across its latest Chrome browser iterations.
Moving expeditiously to seal the hole is important as there
are already exploits in the wild for Flash. Adobe said this vulnerability is
being exploited in targeted attacks via a Flash (.swf) file embedded in a
Microsoft Excel (.xls) file delivered as an e-mail attachment.
Adobe said there are no known attacks targeting Adobe
Reader and Acrobat. Even so, Adobe spokesperson Wendy Poland
said the company is will make available a fix for the week of March 21.
Adobe will update Flash Player 10.x and earlier versions
for Windows, Macintosh, Linux, Solaris and Android; Adobe Acrobat X (10.0.1)
and earlier 10.x and 9.x versions for Windows and Macintosh and Adobe Reader X
(10.0.1) for Macintosh, and Adobe Reader 9.4.2 and earlier 9.x versions.
Because Adobe Reader X Protected Mode can prevent this
zero-day exploit from running, Adobe said it will wait to update Adobe Reader X
for Windows with the next quarterly security update for Adobe Reader on June 14.
Google has said it has more than 120 million people using
Chrome. Net Applications
ranks Chrome's market share at 11 percent through February.
Google's security team has been busy of late. The group is currently
working with Microsoft
to neutralize a bug lies in the MHTML protocol handler on Windows XP
and later Windows versions, and let attackers access information on a
users' computer.
Email
Print
