Google's decision to push Adobe Flash security fixes using Chrome's silent update service has resulted in a seven-fold increase in patching speed, a Google software engineer said.
Adobe issued an update Aug. 10 for Flash Player that patched six vulnerabilities . Within two days, more than 70% of Chrome users were running the fixed Flash, said Panayiotis Mavrommatis , a developer who works on Google's security team.
That update pace was seven times faster than in June, when Adobe shipped a much larger set of Flash fixes . According to Mavrommatis, it took about 14 days for about 70% of Chrome users to upgrade to the then-newest version of Adobe's popular media player.
Mavrommatis based the update percentages on traffic to secbrowsing.appspot.com , a site that reports outdated plug-ins. The Chrome "SecBrowsing" extension issues warnings about out-of-date plug-ins, then shunts users to the site for more information.
The extension was created by Mavrommatis and several other Google developers.
Between the June and August Flash upgrades, Google began bundling the plug-in with the "stable" build of Chrome, and serving Flash Player security patches to Chrome users via the browser's built-in silent update service.
Google announced the partnership with Adobe in March, and first rolled out the patch integration in the less-reliable "dev" and "beta" builds. Chrome is the only browser to automatically update Flash Player with its own patch mechanism.
Rival Firefox, however, features built-in plug-in checking that warns users when Flash Player -- and several other popular plug-ins -- are outdated.
Chrome plans to steal a page from Firefox's playbook. In late June, Google announced that it would add functionality to its browser that would block certain out-of-date plug-ins from running. In a mid-July post , Mavrommatis said that Chrome is essentially pulling the SecBrowsing extension into the browser's code.
Chrome is currently the world's third-most-popular browser, but it lost usage share for the first time in nearly two years last month, according to data from Web metrics company Net Applications.
Chrome can be downloaded for Windows, Mac and Linux from Google's site.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about security in Computerworld's Security Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.