T-604: Google Chrome updated version of the Adobe Flash player

April 15, 2011 - 4:30am

PROBLEM:

Chrome Stable and Beta channels have been updated to 10.0.648.134 for Windows, Mac, Linux and Chrome Frame

PLATFORM:

Windows, Mac, Linux and Chrome Frame

ABSTRACT:

The Chrome Stable channel has been updated to 10.0.648.205 for Windows, Mac, Linux and Chrome Frame. This release contains a new version of Adobe Flash that addresses the 0-day vulnerability CVE-2011-0611. The update also includes fixes for the following security vulnerabilities: Critical CVE-2011-1300: Off-by-three in GPU process, CVE-2011-1301: Use-after-free in the GPU process, and CVE-2011-1302: Heap overflow in the GPU process.

OTHER LINKS:

Google Chrome Releases - Google Chrome Browser
Google Chrome Security
MITRE REF - CVE-2011-0611

IMPACT ASSESSMENT:

High

Discussion:

CVE-2011-0611 - A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

Adobe is in the process of finalizing a fix for the issue and expects to make an update available for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, and Solaris on Friday, April 15, 2011. Google Chrome users can update to Chrome version 10.0.648.205, available now.
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat - APSA11-02

Google Chrome Terms of Service and Download Web Link

Impact:

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious Web page or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Solution:

Chrome Stable channel has been updated to 10.0.648.205 for Windows, Mac, Linux and Chrome Frame.
Google Chrome: System requirements

Patches/Software Downloads
Google Chrome Update
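
Example (added here, not part of the original bulletin or of any Google or Adobe tooling): a small triage script that checks inventoried Chrome and Flash Player versions against the version numbers this bulletin gives. The host names, the inventory row layout and the function names are assumptions made for illustration.

```python
# Thresholds copied from this bulletin; inventory rows below are constructed.
CHROME_FIXED = "10.0.648.205"            # fixed Chrome Stable build
FLASH_LAST_AFFECTED = {                  # "... and earlier" versions for CVE-2011-0611
    "desktop": "10.2.153.1",             # Windows, Macintosh, Linux, Solaris
    "chrome": "10.2.154.25",             # Flash Player for Chrome users
    "android": "10.2.156.12",
}

def parse_version(text):
    """Turn '10.0.648.205' into (10, 0, 648, 205) so fields compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def chrome_needs_update(installed):
    return parse_version(installed) < parse_version(CHROME_FIXED)

def flash_affected(installed, kind):
    return parse_version(installed) <= parse_version(FLASH_LAST_AFFECTED[kind])

def triage(inventory):
    """Return {host: [findings]} for rows that are affected or cannot be judged."""
    report = {}
    for host, product, kind, version in inventory:
        try:
            if product == "chrome":
                hit = chrome_needs_update(version)
            else:
                hit = flash_affected(version, kind)
            finding = f"{product} {version} affected" if hit else None
        except ValueError:
            # An unreadable version is reported, not silently treated as patched.
            finding = f"{product} version unreadable: {version!r}"
        if finding:
            report.setdefault(host, []).append(finding)
    return report

SAMPLE_INVENTORY = [                     # constructed sample data
    ("ws-01", "chrome", None, "10.0.648.134"),
    ("ws-02", "chrome", None, "10.0.648.205"),
    ("ws-03", "chrome", None, "10.0.648.99"),   # a string compare would rank this above .205
    ("ws-04", "flash", "desktop", "10.2.153.1"),
    ("ws-05", "flash", "chrome", "unknown"),
]

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_INVENTORY).items():
        print(host, "->", "; ".join(findings))
```

The versions are compared field by field as integers because a plain string comparison would treat 10.0.648.99 as newer than 10.0.648.205 and miss an unpatched host.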