14 DAY TRIAL // Google has released a new version of its Chrome browser in order to update the bundled Flash Player plug-in with vulnerability patches.
"The Chrome Beta and Stable channels have been updated to 13.0.782.112 which includes an updated version of Flash Player," Google announced yesterday.
Both Adobe and the Google Chrome Team acknowledge the work of Google security engineer Tavis Ormandy on identifying many security issues fixed in this version of Flash Player.
According to Adobe's security advisory, this Flash Player update addresses thirteen security vulnerabilities, most of them leading to remote code execution.
All of these vulnerabilities are rated as critical, but Adobe notes that it is not aware of any being exploited in the wild at the time of this release.
Even if they would, the Flash Player plug-in bundled in Chrome is partially sandboxed. This is not the same sandbox as Chrome's native one, but it does raise an extra barrier against exploitation attempts.
For the time being, Chrome is the only browser to bundle its own special version of Flash Player or have it run under a sandbox. The other browsers use the plug-in distributed by Adobe.
In an interview we had earlier this year with Steve Adegbite, a senior security strategist at Adobe Systems, he revealed that the company is working on a containment technology for Flash Player that would make exploitation harder. However, this is still more than a year away.
Meanwhile, Flash Player remains one of the most targeted software products, together with Adobe Reader and Java. Users should make sure that they are always using the latest version available.
The latest version Google Chrome for Windows can be downloaded from here. The latest version Google Chrome for Linux can be downloaded from here. The latest version Google Chrome for Mac can be downloaded from here.