Skip navigation
roversrock
Currently Being Moderated

being prompted to update Flash, ignore?  v11.2.202.228 and v11.2.202.229 Google Chrome

Apr 11, 2012 4:11 PM

Just prompted by Adobe that an upgrade to Adobe Flash Player is available – within the bullets say includes security enhancements.


Two weeks ago I was made aware that there were security vulnerabilities with Flash.  My laptop was infected (3/26).  One of the recommendations from my anti-virus software company was to keep all Adobe products updated, especially Flash.  Also, I was given the recommendation to consider choosing a less common browser than IE; he used Google Chrome which has its own security features.  I had used Chrome once before when it was beta but downloaded the new Chrome, set security settings and testing it out.  A few days later, someone I know also in the IS community said their company (a large international company) is uninstalling all Adobe products from all of their employee computers completely.


In reading the Developer Release Notes, this upgrade is for v11.2.202.228.

 

The Adobe Flash website section detects I have v11.2.202.229 installed.  The latest version listed underneath was .228.  I questioned how I could have a newer, higher number, version if .228 is the latest release? This was odd, needed an answer and to verify I was current.


In reading the Security Bulletin, it says… “These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system… … …Adobe recommends users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.228 … … ...can install the update via the update mechanism within the product when prompted. Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 18.0.1025.151, which includes Adobe Flash Player 11.2.202.229.


This answered my question.  I am current…and then I found an Adobe forum thread asking if 11.2.202.229 files installed in the correct place.  I am deducing from the bulletin that the v.229 is designed with content or files specific for Google Chrome. And I am also deducing I was prompted that a new update is available because Flash Auto Update is looking for any version other than or is “not v.228” and not looking for “both v.228 AND v.229 files” on one’s computer? Concluding that I should ignore this prompt, check “do not remind me about this update” now and in the future if using Chrome [but I would still always need to verify Flash has been updated on my computer or verify I have the latest version of Google Chrome, before ignoring]? And if I do choose not to continue using Google Chrome (uninstall), I should then resume with manual updates.  Please provide feedback.


If true, my recommendation to Adobe would be to design the Flash Auto Update to search for *all* versions related to the latest release to avoid a false prompt from appearing and/or *also include within the text of the standard Auto-update prompt’s window the same verbiage as within the Security Bulletin (which is not normally read by users) regarding Google Chrome, directing that no user action is required. It may or may not be harmful for someone to proceed with installing v.228 when they already have v.229… meanting it may not delete or replace any important files specific to Google Chrome and protecting against security vulnerability as it might be that .229 may only have a few additional files. *Another recommendation would be that both the .228 and .229 v for Google Chrome be listed as the latest release on Adobe Flash website page and release content.  This may have been a timing issue.  Google/Adobe might want to re-consider the timing/order in which they deploy their versions or re-consider the auto-update feature within Google Chrome all in itself to avoid confusion, avoid the need to then verify it anyway afterwards (an added step in itself) and avoid Google Chrome users that are completely unaware of this and what action to take, from updating to a different incompatible version that could possibly conflict with the requirements of Google Chrome or its security.  However, everything would be resolved by the first recommendation.  I did wonder why I just got prompted today for a release on March 28th, but luckily it looks like I have the latest version.  And I did find it interesting how I noticed underneath the install for Adobe AIR that you may have to disable your anti-virus before installing.


I look forward to your feedback to my question confirming whether or not I should just to ignore this update.  In effort to prevent PCs from future attacks, I provided my feedback and recommendations.  Thank you.


 
Replies
  • Chris Campbell
    9,446 posts
    May 4, 2010
    Currently Being Moderated
    Apr 11, 2012 4:38 PM   in reply to roversrock

    As you noted, Chrome uses a built in version of the player.  New updates of Flash will be automatically downloaded by Chrome when it updates itself.  Flash Player for Chrome will not notify you for updates.  Manually downloading or updating Flash Player from Adobe will not affect Chrome's installation of Flash Player.

     

    Many machines have multiple versions of Flash Player installed.  For example, on my system I have Chrome's version, the plugin version (for Firefox and other applications), and the Active X version for Internet Explorer.  I suspect you might be getting notified for one of these versions.  Can you check to see if the following folders are present and list out the files they contain?

     

    c:\windows\system32\macromed\flash

    c:\windows\syswow64\macromed\flash (if you are using windows 7 64-bit)

     

    If you'd like to only use the version of Flash provided by Chrome, please use the uninstall steps for Flash Player detailed in this help document:

     

    http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows. html

     
    |
    Mark as:
  • Chris Campbell
    9,446 posts
    May 4, 2010
    Currently Being Moderated
    Apr 11, 2012 6:49 PM   in reply to roversrock

    Chrome is completely separate.  If you had installed .228 it would not have changed Chrome's plugin at all.  Chrome stores all of it's files in a different place.  The only thing shared are the user settings and cache.

     

    Do you by chance have an HP printer driver installed?  You've got some older versions of Flash player in your folder that lead me to believe you have other software using it.

     
    |
    Mark as:
  • Chris Campbell
    9,446 posts
    May 4, 2010
    Currently Being Moderated
    Apr 12, 2012 6:43 PM   in reply to roversrock

    I'm not sure if Elements uses Flash.  If I had to guess I would say no, it most likely uses AIR instead.

     

    I have heard numerous reports that HP uses an older version of Flash Player, usually version 9.x.  I'd recommend contacting them to see if this can be removed and if they can use 11.2 instead.

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points