Who doesn’t love Google’s signature web browser, Google Chrome? We all do, and to make sure that Chrome’s users stay satisfied with it, Google has just fixed a rather critical Adobe Flash Player exploit that can be potentially harmful for computers. The catch here is that only Google has fixed this exploit, whereas users of Flash Player in other browsers will have to wait until Adobe pushes out the official fix for the exploit.
So what exactly is this potentially harmful exploit? Adobe explains:
A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems, Adobe Flash Player 10.1.106.16 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Macintosh operating systems.
This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. At this time, Adobe is not aware of attacks targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.
An Adobe spokeswoman has said that Chrome on older versions of Windows will be unaffected by this exploit only if Flash Player for Internet Explorer is not installed and Flash is viewed only through Google Chrome.
Google Chrome remains safe from heavy exploitation, as was seen at the annual Pwn2Own competition, where Safari and IE8 were hacked but Google Chrome was left untouched.
Adobe recognizes that this exploit is “critical” and says it is going to release a fix later this week. We’ll follow up when that happens.