Google has released an update to Chrome which enables the intergrated Flash Player by default. It is difficult sometimes for users and administrators to balance security and Flash content. First up, make sure that you review and your Flash Player Settings. In Chrome you can open the Flash Settings Manager by selecting Clear Browser Data.
Issuess adressed include the following:
- [38105] Medium XSS via application/json response (regression). Credit to Ben Davis for original discovery and Emanuele Gentili for regression discovery.
- [43322] Medium Memory error in video handling. Credit to Mark Dowd under contract to Google Chrome Security Team.
- [43967] High Subresource displayed in omnibox loading. Credit to Michal Zalewski of Google Security Team.
- [45267] High Memory error in video handling. Credit to Google Chrome Security Team (Cris Neckar).
- [$500] [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo Marcos of SECFORCE.
Users then should consider reading the following post releated to Flash settings.
Another way to manage the risk related to Flash content is to install the Chrome extension Flash Block, available here.
This is a short description from the download/installer page.
Short Description: ============= The extension automatically blocks flash content on webpages. Each flash element is being replaced with a placeholder that allows you to load only selected elements on a given page. You can also manage a whitelist of allowed websites via a configuration panel. In general, FlashBlock helps with lowering memory usage, reducing cpu cycles, and can be used as an alternative to AdBlock.