Posted on Monday, March 21 2011 @ 21:49 CET by Thomas De Maesschalck
Guardian
reports Google took it upon itself to patch a dangerous bug in Adobe Flash Player, but only for its own Chrome browser. Users of other browsers will have to wait until Adobe releases its patch, this update is expected sometime this week.
Google has fixed a critical Adobe Flash Player bug that is being exploited in the wild - but only for its own Chrome browser. Users of Flash Player in other browsers will have to wait for Adobe's official patch, which will require testing against around 60 platforms and configurations.
Chrome is able to get the fix because it has an ongoing collaboration with Adobe which gives it early access to new builds of Flash.
The "zero-day" vulnerability - meaning that it was discovered being used in the wild, rather than by security researchers hunting for bugs - embeds a malicious Flash file in an Excel document; that is then sent to people on a target list, and if opened can compromise Windows-based computers - though Microsoft says that machines running Office 2010 are protected through a security system called data execution prevention.
