Adobe released a new security advisory today addressing a zero-day vulnerability with security advisory APSA11-01.  A critical vulnerability exists in Adobe Flash Player, Adobe Reader and Adobe Acrobat.  Adobe has received reports of attacks against the Flash Player program but not against the other affected products.

Adobe is planning to release patches next week for Adobe Flash Player 10, Adobe Reader 9 and Adobe Acrobat 9 to address the zero-day vulnerability.

Adobe Reader X (10) and Adobe Acrobat X (10) are both also affected by this vulnerability.  Due to Adobe Reader X and Acrobat X “Protected Mode,” attacks on this zero-day vulnerability cannot occur.  So, Adobe will address this vulnerability with a patch during their next scheduled security update on June, 14 2011.

More information on Adobe Security Advisory APSA11-01 can be found here.

Yesterday, Google released yet another version of their Chrome browser with the release of Google Chrome 10.0.648.134.  This version of the Chrome browser includes a new version of Adobe Flash Player.  Google Chrome comes with the Adobe Flash Player built into the installation.  I have not seen any reports from Google or Adobe regarding the Adobe zero-day vulnerability and Google’s recent update around Flash Player.  Maybe Google Chrome has the fix for the zero-day built into the latest release?

According to Adobe’s Flash Player website, Google Chrome has Flash Player 10.2.154.12 installed with the latest version of the browser.  When the Flash Player website identifies my version of Adobe Flash installed inside of Chrome, the site tells me version 10.2.154.25 is installed.

Regardless, it is time to update your Chrome browsers in case this latest release contains a security fix for the Adobe zero-day vulnerability.

- Jason Miller