October 8, 2012
Google released a new version, 22.0.1229.92, of its Chrome browser today, for Windows, Mac OS X, and Linux. This version incorporates a number of bug fixes, and also fixes five identified security vulnerabilities, one of which is rated Critical. The new version also includes the new version of Adobe’s Flash Player, released earlier today. Further details are given in the Release Announcement.
Because of the security content of the new version, I recommend that you update your systems as soon as you conveniently can. Windows and Mac users should get the new version via the built-in update mechanism. Linux users should get the updated package from their distributions’ repositories, using their standard package maintenance tools.
You can check the version of Chrome that you have by clicking on the tool menu icon, and then selecting “About Google Chrome”.
October 8, 2012
Adobe has released security updates for its Flash Player software that address a number of critical security vulnerabilities. According to the Security Bulletin [APSB12-22], the affected versions of the software are:
- Adobe Flash Player 11.4.402.278 and earlier versions for Windows
- Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh
- Adobe Flash Player 126.96.36.199 and earlier versions for Linux
- Adobe Flash Player 188.8.131.52 and earlier versions for Android 4.x
- Adobe Flash Player 184.108.40.206 and earlier versions for Android 3.x and 2.x
(The Adobe AIR software is also affected; please see the Security Bulletin for details.) Adobe has identified 25 vulnerabilities fixed in this release. Of these, 14 involve buffer overflows, and 11 involve memory corruption bugs.
The updated software has the following new version numbers:
- Windows and Mac OS X: 11.4.402.287
- Linux: 220.127.116.11
- Android 4.x: 18.104.22.168
- Android 2.x, 3.x: 22.214.171.124
Google will presumably release a new version of the Chrome browser to update the bundled Flash Player. For new AIR version numbers, please see the Security Bulletin.
Because Flash Player is so widely installed across different platforms, it is a tempting target; I recommend that you update your systems as soon as you conveniently can. Windows and Mac users can get the new version using the update mechanism built into the product; alternatively, you can get the new version from the Flash Player download center. Windows users should remember that they may need two updates: one for the Internet Explorer plugin, and one for any other browsers they may have.