Skip to main content

Google fixes Flash security bug before Adobe

Flash LogoGoogle today preempted Adobe by fixing a “critical” security issue with Adobe’s Flash Player. Google’s fix, however, only covers its Chrome Web browser. Users of other browsers will likely have to wait for Adobe to release an official patch, which is planned for release sometime this week.

The “zero-day” bug was first brought to attention of the public last week after infected .swf files (Flash’s extension) — which were embedded in Excel documents (.xls) — began appearing in email inboxes. Opening the compromised file could cause a system to crash or, at the very worst, could result in a hacker “[taking] control of the affected system.”

Microsoft has said that user’s of Office 2010 are not vulnerable through a security system included in the software suite. Users of older versions of Windows who are running Chrome will only be safe if they do not have Flash for Internet Explorer installed and only stick to using Flash through Chrome. Mac users may be safe for the moment, but it’s suspected that vulnerability could be adjusted to exploit Apple products. If you’re a non-Chrome user, you’re best bet would be to remove Flash until Adobe releases the patch. If you are a Chrome user, be sure to update.

Google’s owes its speediness in releasing the Chrome fix in part to its close relationship with Adobe. Through an agreement, Google is granted access to early builds of Flash before they’re released to the public. That gives the company a head-start on testing — something it takes very seriously when it comes to the security of its Chrome browser.

While Google only had to worry about testing the fix for Chrome, Adobe will have to test its patch on around 60 system configurations before its ready for release.

Topics
Aemon Malone
Former Digital Trends Contributor
Google is creating ‘internet surveillance DRM,’ critics say
Google Drive in Chrome on a MacBook.

Google is working on a system to fight fraud and make the internet “more private and safe,” but it’s just come in for some blistering criticism from software engineers behind the Vivaldi web browser. According to them, it’s a “dangerous” idea that could lead to greater surveillance of ordinary people.

The subject of this kerfuffle is Google’s Web Environment Integrity project, or WEI. Its purpose, Google says, is to stymy bad actors by providing a piece of code on a website that can be checked with a trusted attestor (such as Google) to ensure the visitor is who they say they are. That could prevent cheating in games, for example, or ensure that ads are being properly served to readers.

Read more
Why is Google cutting web access for some of its workers?
Google Logo

Google is preventing some of its staff from using the internet at work, according to sources in contact with CNBC.

Having revolutionized the web with its powerful search engine before making vast sums of money off online ads, the idea of a company like Google preventing some of its own workers from accessing the internet may at first seem somewhat odd, but there is of course sound reasoning behind it.

Read more
Google just made this vital Gmail security tool completely free
The top corner of Gmail on a laptop screen.

Hackers are constantly trying to break into large websites to steal user databases, and it’s not entirely unlikely that your own login details have been leaked at some point in the past. In cases like that, upgrading your password is vital, but how can you do that if you don’t even know your data has been hacked?

Well, Google thinks it has the answer because it has just announced that it will roll out dark web monitoring reports to every Gmail user in the U.S. This handy feature was previously limited to paid Google One subscribers, but the company revealed at its Google I/O event that it will now be available to everyone, free of charge.

Read more