Google Updates Chrome Browser

Google has released a new version, 9.0.597.94, of its Chrome browser, for all platforms (Linux, Max OS X, and Windows).    The new version incorporates the Flash Player security fixes that Adobe released today, and also fixes five other security flaws.  More details are available in the release announcement on the Chrome Releases Blog. WIndows users can obtain the new version via the built-in update mechanism (Help / About Google Chrome). Linux users should be able to get the new version using standard package update tools (e.g., apt-get, synaptic).  Alternatively, you can download installation packages here.

Because of its security content, and especially the Flash Player fixes, I recommend installing the new version as soon as you conveniently can.

Adobe Updates Flash, Acrobat, Reader

Last week, I noted that Adobe was planning to release security updates for its Acrobat and Reader products today, for the Windows and Mac OS X platforms (an update for the UNIX/Linux version is scheduled for the week of February 28).  Adobe did release those updates today; it also released a security bulletin for its Flash Player, along with a new version, 10.2.152.27.

The Flash Player update addresses 13 different security vulnerabilities, some rated Critical; the vulnerabilities are present in Flash Player versions 10.1.102.64 and earlier.  Further details are given in the Adobe Product Security Bulletin [APSB11-02].   The new version is available for all platforms (Mac OS X, Windows, and UNIX/Linux) from the Flash Player download page.  Windows users can, alternatively, use the update mechanism built into the player.  Because the Flash Player is widely installed across multiple platforms, it is an attractive target for the Bad Guys.  I encourage you to update your systems as soon as you can.

The patches for Acrobat and Reader address 29 security vulnerabilities; some of these are also Critical.   The affected software versions are:

• Adobe Reader X (10.0) and for Windows and Macintosh
• Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX
• Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh

Details of the fixes are given in the Adobe Product Security Bulletin [APSB11-03].  At present, updates are available for the Windows and Mac OS X platforms; Adobe says the update for UNIX/Linux versions will be available the week of February 28.  You can obtain the new version of Reader by using the built-in update mechanism (Help / Check for Updates); alternatively, you can download the necessary updates from these pages:

• Update for Windows
• Update for Mac OS X

Acrobat users can also use that product’s built-in update mechanism; the Security Bulletin [APSB11-03] contains direct download links for the updates.

The Acrobat and Reader updates also include the security update for their built-in Flash player capability.

Mozilla Reschedules Firefox, Thunderbird

In a post last week, I noted that Mozilla had tentatively scheduled the release of new versions of Firefox, 3.6.14, and Thunderbird, 3.1.8, for today.   Mozilla’s Releases Calendar is now showing them as scheduled for next Monday, February 14. 

Microsoft Security Patches, February 2011

In keeping with its normal schedule, Microsoft today released its monthly batch of security bulletins for February.  This month, there are  12 bulletins covering 21 identified vulnerabilities.  Three of these have a maximum severity rating of Critical, and nine are rated Important.   There are Critical updates for all supported versions of Windows.  My preview post from last week gives the severity breakdown by Windows version.

Microsoft says that nine of these patches will definitely require a system restart, and the remaining three may do so.  Further details, and download links for the individual patches, are given in the Security Bulletin Summary.   As always, you should update your system(s) as soon as you conveniently can.

As usual, the good folks at the SANS Internet Storm Center have posted their own summary of this month’s patches, along with their assessment of the severity of each.