If You Bundle It, You Own It

Gregg Keizer, Computerworld:

Several Google security engineers have countered claims that a French security company found a vulnerability in Chrome that could let attackers hijack Windows PCs running the company’s browser.

Instead, those engineers said the bug Vupen exploited to hack Chrome was in Adobe’s Flash, which Google has bundled with the browser for over a year.

The bug may not be in Google’s code, but so long as Chrome includes Flash as a bundled (and enabled by default) component, Flash is a part of Chrome. (Via Slashdot, and headline quip from commenter “manonthemoon”.)

Thursday, 12 May 2011