
Forum Thread: Google Chrome Flash Player Unspecified Code Execution Vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Google Chrome Flash Player Unspecified Code Execution Vulnerability

Secunia Google Chrome Flash Player Unspecified Code Execution Vulnerability
Secunia Official 7th Nov, 2010 17:39
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a vulnerability in the bundled version of Adobe Flash Player.

For more information:
SA41917

Kurosh RE: Google Chrome Flash Player Unspecified Code Execution Vulnerability
Member 7th Nov, 2010 17:39
Score: 3
Posts: 64
User Since: 30th Mar 2009
System Score: N/A
Location: CA
Last edited on 7th Nov, 2010 17:39
This should be resolved as of Nov. 4th:

http://googlechromereleases.blogspot.com/2010/11/s...

Current version of Flash Player in Google Chrome is 10.1.103.19, a newer version than what is available elsewhere.
Andy68 RE: Google Chrome Flash Player Unspecified Code Execution Vulnerability
Member 8th Nov, 2010 06:45
Score: -2
Posts: 8
User Since: 2nd Apr 2010
System Score: N/A
Location: JP
Last edited on 8th Nov, 2010 06:45
Chrome vs. 7.0.517.44 contains a newer version of Flash, but some people are having trouble updating it (update error: server not available (error 3)).

I'll be glad when Flash Player gets pushed out by other players. I've already stopped using Adobe PDF reader (Foxit, instead). The amount of security holes that occur in all of Adobe's products is staggering! Unfortunately so many sites use Flash that it's not really practical to disable it completely - yet.

The people at Apple had the right idea when they made the iPhone non-compatible with Flash. Hopefully more and more companies will drop this security nightmare as Adobe seem incapable of making secure software.
TiMow RE: Google Chrome Flash Player Unspecified Code Execution Vulnerability
Dedicated Contributor 9th Nov, 2010 10:38
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 9th Nov, 2010 10:43
The following relates to the current status of Chrome 7.x, under the Secure Browsing tab of PSI v.1.5.0.2 (Advanced) - "Insecure, No Solution", SA42031 - to which this comment is attached (in the provided "Comment" box).

I would be interested in learning if, and why, the above advisory is still seen to be valid, as it refers to the (former) insecurity of Flash - specifically the bundled version within Chrome.
References are given to SA41917 (for flash plug-in), which is now recognised as patched with v. 10.1.102.64.

As indicated by @Kurosh, above, Google have deemed to have addressed the bundled flash insecurity with Chrome v. 7.0.517.44; and when the installed flash version is viewed**, it is v. 10.1.103.19, which would suggest a later version to that, which Secunia already recognises as patched.

**(Spanner/wrench>Options>Under the bonnet tab>Content settings>Plug-ins (l.h.s.)>Disable individual plug-ins (centre in blue)>scroll to flash)

TiMow

--
Computing is not yet a perfect science - it still requires humans.
TiMow RE: Google Chrome Flash Player Unspecified Code Execution Vulnerability
Dedicated Contributor 10th Nov, 2010 07:48
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 10th Nov, 2010 08:02
As of Weds 10 Nov morning (C.E.T.) start-up, Chrome now shows as Secure for browsing (green box), in Secure Browsing, PSI 1.5.0.2.

TiMow

--
Computing is not yet a perfect science - it still requires humans.


© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144