August 24, 2010, 8:28 AM — Google's decision to push Adobe Flash security fixes using Chrome's silent update service has resulted in a seven-fold increase in patching speed, a Google software engineer said.
Adobe issued an update Aug. 10 for Flash Player that patched six vulnerabilities . Within two days, more than 70% of Chrome users were running the fixed Flash, said Panayiotis Mavrommatis , a developer who works on Google's security team.
That update pace was seven times faster than in June, when Adobe shipped a much larger set of Flash fixes . According to Mavrommatis, it took about 14 days for about 70% of Chrome users to upgrade to the then-newest version of Adobe's popular media player.
Mavrommatis based the update percentages on traffic to secbrowsing.appspot.com , a site that reports outdated plug-ins. The Chrome "SecBrowsing" extension issues warnings about out-of-date plug-ins, then shunts users to the site for more information.
The extension was created by Mavrommatis and several other Google developers.
Between the June and August Flash upgrades, Google began bundling the plug-in with the "stable" build of Chrome, and serving Flash Player security patches to Chrome users via the browser's built-in silent update service.
Google announced the partnership with Adobe in March, and first rolled out the patch integration in the less-reliable "dev" and "beta" builds. Chrome is the only browser to automatically update Flash Player with its own patch mechanism.
Rival Firefox, however, features built-in plug-in checking that warns users when Flash Player -- and several other popular plug-ins -- are outdated.