When a critical Flash Player vulnerability was found being exploited in the wild last week, Adobe posted an advisory and promised an update within a week. The flaw lets attackers take control of your system once you open an Excel spreadsheet with an embedded malicious Flash file (Office 2010 is said to feature safety countermeasures that prevent harmful code execution).
This undoubtedly nasty bug, which affected the whole web and not just parts of it, needed a quick fix. It comes as a surprise that Google has managed to beat Adobe to the update punch by squashing the bug with a Chrome update while Adobe prepares to issue the fix this week. How’s that possible?
For starters, Google and Adobe have an ongoing relationship that gives the search monster access to early Flash Player builds. In this case, a yet-to-be-released Flash Player build comes integrated with the latest Chrome update. Folks who run the Flash Player plug-in in other browsers are left out in the cold.
Second, Chrome takes silent updating to extremes. A Google process runs in the background on your computer, awaiting notification from the update server. When an update goes live, the process downloads files and updates your browser. This happens silently and the installation completes the next time Chrome restarts. You don’t even realize it unless you check out the version number by choosing About Google Chrome under the wrench menu.
Apple stopped preloading Flash Player on Macs last October. The Flash plug-in is often blamed for crashes, poor performance and heavy resource use. Daring Fireball advises people to uninstall Flash from their Mac and instead use Chrome for online Flash videos, games and other content. It’s sound advice. After all, the recently released Chrome 10 did extend sandboxing technology to the integrated Flash Player. As a result, the plug-in runs as a separate process isolated from other tabs, the rest of the browser and the host operating system.