Extremely critical

Google Chrome Flash Player Unspecified Code Execution Vulnerability

Release Date:  2010-10-28    Last Update:  2010-11-09    Views:  8,520

Secunia Advisory SA42031

Description


A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.



Subject: Google Chrome Flash Player Unspecified Code Execution Vulnerability

User Message
Kurosh RE: Google Chrome Flash Player Unspecified Code Execution Vulnerability
Member 7th Nov, 2010 17:39
Score: 3
Posts: 64
User Since: 30th Mar 2009
System Score: N/A
Location: CA
Last edited on 7th Nov, 2010 17:39
This should be resolved as of Nov. 4th:

http://googlechromereleases.blogspot.com/2010/11/s...

Current version of Flash Player in Google Chrome is 10.1.103.19, a newer version than what is available elsewhere.
Andy68 RE: Google Chrome Flash Player Unspecified Code Execution Vulnerability
Member 8th Nov, 2010 06:45
Score: -2
Posts: 8
User Since: 2nd Apr 2010
System Score: N/A
Location: JP
Last edited on 8th Nov, 2010 06:45
Chrome vs. 7.0.517.44 contains a newer version of Flash, but some people are having trouble updating it (update error: server not available (error 3)).

I'll be glad when Flash Player gets pushed out by other players. I've already stopped using Adobe PDF reader (Foxit, instead). The number of security holes that occur in all of Adobe's products is staggering! Unfortunately so many sites use Flash that it's not really practical to disable it completely - yet.

The people at Apple had the right idea when they made the iPhone non-compatible with Flash. Hopefully more and more companies will drop this security nightmare as Adobe seem incapable of making secure software.
TiMow RE: Google Chrome Flash Player Unspecified Code Execution Vulnerability
Dedicated Contributor 9th Nov, 2010 10:38
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 9th Nov, 2010 10:43
The following relates to the current status of Chrome 7.x, under the Secure Browsing tab of PSI v.1.5.0.2 (Advanced) - "Insecure, No Solution", SA42031 - to which this comment is attached (in the provided "Comment" box).

I would be interested in learning as to, if and why, the above advisory is still seen to be valid, as it refers to the (former) insecurity of Flash - specifically the bundled version within Chrome.
References are given to SA41917 (for Flash plug-in), which is now recognised as patched with v. 10.1.102.64.

As indicated by @Kurosh, above, Google have deemed to have addressed the bundled Flash insecurity with Chrome v. 7.0.517.44; and when the installed Flash version is viewed**, it is v. 10.1.103.19, which would suggest a later version to that, which Secunia already recognises as patched.

**(Spanner/wrench>Options>Under the bonnet tab>Content settings>Plug-ins (l.h.s.)>Disable individual plug-ins (centre in blue)>scroll to Flash)

TiMow

--
Computing is not yet a perfect science - it still requires humans.
TiMow RE: Google Chrome Flash Player Unspecified Code Execution Vulnerability
Dedicated Contributor 10th Nov, 2010 07:48
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Last edited on 10th Nov, 2010 08:02
As of Weds 10 Nov morning (C.E.T.) start-up, Chrome now shows as Secure for browsing (green box), in Secure Browsing, PSI 1.5.0.2.

TiMow

--
Computing is not yet a perfect science - it still requires humans.