Google pounced on patching a fresh, zero-day flaw in Adobe’s Flash Player for its Chrome Web browser, updating Chrome 10.0.648.134 stable and beta channels for Windows, Mac and Linux systems.
Adobe March 14 warned of the critical vulnerability, which affects Flash Player, Adobe Acrobat and Reader X and can crash computers or allow perpetrators to hijack users’ machines.
Upon learning of this flaw, Google March 15 quickly plugged the hole across its latest Chrome browser iterations.
Moving expeditiously to seal the hole is important as there are already exploits in the wild for Flash. Adobe said this vulnerability is being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an e-mail attachment.
Adobe said there are no known attacks targeting Adobe Reader and Acrobat. Even so, Adobe spokesperson Wendy Poland said the company will make a fix available during the week of March 21.
Adobe will update Flash Player 10.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android; Adobe Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh; Adobe Reader X (10.0.1) for Macintosh; and Adobe Reader 9.4.2 and earlier 9.x versions.
Because Adobe Reader X Protected Mode can prevent this zero-day exploit from running, Adobe said it will wait to update Adobe Reader X for Windows with the next quarterly security update for Adobe Reader on June 14.
Google has said it has more than 120 million people using Chrome. Net Applications ranks Chrome’s market share at 11 percent through February.
Google’s security team has been busy of late. The group is currently working with Microsoft to neutralize a bug that lies in the MHTML protocol handler on Windows XP and later Windows versions and lets attackers access information on a user’s computer.