flash player is still 126.96.36.199
Uh oh. Here we go again with Flash Player being updated via the component update. I just hope it doesn't take days or a week as it did a couple of times last year. Apparently there is a rather nasty Flash exploit squashed this time around so it would be in our best interest to get the update sooner rather than later.http://tinyurl.com/FlashExploit
How does this component update work? Any way to force it to initiate, none that I can see, letting the browser check for updates just says everythings up to date. My Flash version is still 188.8.131.52 too.
Go to "chrome://components/".
mike.it dosent :(
Jacob,Go to "chrome://components/" does not display flash player as an update option. My flash player is still 184.108.40.206, any other way to force a chrome flash player update?
Jacob,Same here, this happened the last time- I had 2 go to http://helpx.adobe.com/security/products/flash-player/apsb14-17.htmlHopefully "Google" fixes this.
I thought HTML 5 was supposed to make flash obsolete. Are web designers just not implementing it?
Still not seeing any update in any of the computers I have that run Chrome.How long does one of these "component updates" usually take?
Pepper Flash is also still at 220.127.116.11 here ... MORE than 12 hours AFTER Crapdobe... err... Adobe released the Flash Player Update for IE and Mozilla based browsers.Using "chrome://components/", as suggested above, to "force" an update is useless as it doesn't even pick up the Pepper Flash version number next to the button - and the normal updater also doesn't pick up any update.Conclusion: Scroogled!@Google: Your updates distribution really sucks donkey rears ... no matter if we talk Chrome on a desktop computer or your r-tarded "staged rollouts" on Android.If Chrome doesn't update Pepper Crash... err... Flash within the next 6 hours I'll tear that pile of a browser finally off my computer and revert to FireChrome... err... Firefox where I can at least install Crapdobe's update (and also get it way faster than from).
Ok, this is idiotic.- Chrome doesn't update the Pepper player, which it preferences silently, so we still have the bad one.- Adobe Air doesn't download an updated Air player from their web page either - they're still sending the old and vulnerable one.What I did:- using the abilities hidden under the 'details' link atop the chrome://plugins page, I disabled Pepper Flash. Now the normal Flash which auto-downloaded 18.104.22.168 sixteen hours or so before is in use, proved by adobe.com/software/flash/about- removed AIR from this machine, and seeing if there's any reason to have it. Besides the current case, it _never_ auto-updates or informs.Question: what kind of shops are Google and Adobe running, anyway, that they think it's just fine to have these hazards continuing themselves for all normal users? And in the modern version of no courage at all, silently?
I have to agree with Jochen Blacha's assessment.Google's approach to updating is one of the worst in the industry. Staggering security updates is just a joke.IMO they really SHOULD offer a manual update button for all of their products, that ALWAYS works when a new version is available.
chrome://components shows Pepper-flash as being really old, and not the same as Adobe's about flash player page. Pressing Update does nothing. I have Chrome automatic updates disabled as I manage them centrally so just wondering how this update can happen?
@David Williams: Thanks. But, you know what's really "funny" in all of this?Reportedly it was a Google Engineer who discovered the current "data stealing" flaw in Adobe Flash, yet that hive of morons is not able to come up with a working distribution mechanism to deploy security updates to each and every client world-wide at the very same time (ther "at the very same time" actually refers to the idiotic staged roll-outs through the Play Store in Android).Microsoft, in comparison, has done a whole lot of things totally wrong in the past and recently, but their update distribtuion is a prime example of how to do things absolutely right. Hell... even Mozilla has a working update system for the browser.And since Chrome failed to update Pepper Flash for MORE than 24h AFTER Adobe released the update packages... Google Chrome wiped off my computers for as long as they have no idea what "security" and "update distribution" means; jacking jaws about it in blog articles to vent hot air is not a working security and update deployment strategy.Google's slowly worse than Microsoft and Oracle combined.
Update got damn Flash Player!!!!!!
I have information that chromebook users do not experience those problems. What is happening? How can Google allow this to happen? Browsers won't update. Though I have an option for you guys, for those who didn't switch from chrome to mozilla yet, maybe you should try reinstalling chrome, chrome downloaded from the official website always comes with all the latest components. Anyone wanna try and write a report?)
Yeah, this sucks! Flash player won't update.
C'mon Google. This is serious vulnerability. Get your house in order.
Same problem here. Chrome on multiple machines (W7, XP, Linux) still shows the flawed version of Flash, more than a day after the vulnerability was announced, per the control on this page:http://helpx.adobe.com/flash-player.html
Any idea when the update will be pushed out?
Still not seeing any update on any of my machines either. Would be helpful if someone from Google could clarify the situation...
On my wife's PC plugin has just updated itself, I didn't do anything, the Chrome was opened for like several hours that is it. On my PC plugin is still 22.214.171.124. I decided to just leave my PC with the Chrome opened and wait untill it updates. Guys from Google - SHAME ON YOU!!!You make dozens of people from all around the world vulnerable against threats from the web, because one of you decided to run Flash Update through components update on this Patch Tuesday, without updating version of the Chrome itself. And I bet you guys know about this problem, hours pass one by one, and people still have outdated plugins. And still no action. Google is one of the largest companies in the world with millions $ income, you say security is your number one priority and you can't update a plugin? How is that? This is a disrespect, stupid of you.
Really, this is not the first time time when google runs flash update through components update, and everytime hundreds of coments of unhappy customers. Will somebody give me an explainational of these profoundly stupid acts?Are they just trying to push us to other browsers? Or are they trying to be difficult? Or what?/I am mad as hell!!And I am from the Ukraine! Yeah, I learned foreign language just to let people from Google know how they screwed up!!!LOLNEVER EVER AGAIN UPDATE FLASH OR ANY OTHER PLUGIN WITHOUT ISSUING THE NEW VERSION OF THE BROWSER, COMPONET UPDATE MUST DIE!!!!!!!!!!!!!!
Yeah I am thankfull for releasing a pre-beta(canary) version of 64bit Chrome. Really THANK YOU! All browsers are 64 bit, chrome is the latest, that is just fine, I can survive it. I prayed to God to make you develop 64bit version, and you did it in the middle 2014, wikipedia says 64 bit architecture exists since 1975, 35 YEARS, and now finally, chrome is 64 bit, almost, still need to wait for a STABLE 64 bit version! But after making such a giant step forwad how could you let the Flash Player update through components update again?"It is a silly fish that is caught twice with the same bait"
every flash update the same shit. every andorid the same shit. it's not feasible for google to rollout this to every onetime. even if you try to update manually via chrome://components you will not get the update once. you'll have to wait until google thinks it's ok and you are ready for update.that a very weak patch deployment strategy. browsers have broken plugins installed for days because google is not able to deploy the plugins in a timely manner. even adobe is faster know.this is very bad. time to switch to another browser. chrome may be the fastest browser but the concept of deploying updates and component updates is the weakest one!
Someone here said "On my wife's PC plugin has just updated itself, I didn't do anything, the Chrome was opened for like several hours that is it."Well I've had Chrome open for well over 4 hours now, which is rare since I don't even spend much time on my laptop during the day, so having to keep it on, and the browser open for hours upon hours just to get the security update for Flash is incredibly stupid. And thats it if even worked, because it didn't. Chromes been open for over 4 hours, and the internal Flash plugin is STILL not updated.This is ridiculous. I had the Flash plugin for Firefox updated within hours of it being announced because I just went to Adobe.com and grabbed it.For now I guess I will just disable Chrome's internal Flash and make it use the external one thats also installed for Firefox. Does anyone know if that will stop it from updating it tho entirely, when someday that actually happens.An actual reply from someone at Google or on the Chrome team would be nice to all these commenters complaining, only because they want their browser to be secure, and until that Flash plugin is updated, or disabled, Chrome is NOT secure. This is really making me question whether Chrome even deserves to remain the system's default browser, and if I should remove it entirely from my mother and sister's computers that rely on me to keep them updated and put them both back on Firefox.
Well, I just checked it again, and it finally updated, even tho it was disabled, it updated, and re-enabled itself once updated. It only took about 5 hours of the browser being open.
Yeah, i left PC working for the whole night today, with chrome open. Nothing. I set the PC to prevent if from automatical shutdown or sleepmode etc.This is the biggest cybersecurity dissapointment of the July 2014. And what drives me really mad, look noone from google replies. They must be just sitting out there in Google's Office, chilling in a jacuzzi and laughing at us.LOLI really would like to stick with chrome, because all other browsers are to cluttered. And crome is nice, simple and uncluttered, and it is soon going to be 64 bit even. They should fire the person who issues Flash Update through component updates all the time, and it is just going to be fine.
Really enough of me, goodbye chrome. I am switching to IE.
Gotta agree with the disappointment expressed here. We're in a corporate environment and I've had Chrome running for the last 12 hours and still no update. I was given lots of grief for not wanting to install Chrome on our desktops as I just wasn't comfortable with the security issues, but I finally relented when we ran into a vendor website that refused to run in IE. Now I'm not sure what we're going to do, but to think that we're two days into this and still no updates... All of our IE users were patched on Tuesday. Very troubling.
Yeah, I just removed Chrome and started using IE, and realised that I can't install adblock and web of trust addons on it, I am so used to using the web without adds and when web of trust warns me about website safety. Now what? Mozilla? Mozilla is not 64 bit for wondows anymore, and Chrome promises to be 64 bit starting from version 37. I am in a sort of frustration.
It is now July 10, 2014, and still no Pepper-Flash update (still at .125). I guess Google doesn't care about security.
My home pc updated flash but my work desktop running GoogleChromeStandaloneEnterprise has not updated flash. They also have not posted a new installer with the updated flash.
Seeing the same thing... after days the Standalone Enterprise installations have not updated on any of our desktops.I checked to see if there was a GPO setting to disable Flash, but no luck. If it's not updated by tomorrow I'll be pulling Chrome from all workstations over the weekend.
Enable or disable Adobe Flash PlayerThese instructions apply to Google Chrome on Windows, Mac, Linux, and Chrome OS.Type chrome:plugins in the address bar to open the Plug-ins page.On the Plug-ins page that appears, find the "Flash" listing.To enable Adobe Flash Player, click the Enable link under its name.To disable Adobe Flash Player completely, click the Disable link under its name.
Karen, what is interesting is Google's complete lack of response to any of the comments on this page.
Well, it finally just updated on my corp install. That only took three days, but at least it's done.
This is unreal. On a system which I have logged in on the Admin account for the past couple of days, I noticed that Chrome updated Flash to the .145 secure version. HOWEVER, on the same exact PC under the standard user accounts, the Chrome installs still show .125 and are not updating. This is the most idiotic thing I've ever seen. There's a fix, but Google won't let you have it.
+Andrew Dz: www.palemoon.org - Pale Moon is a popular fork of Firefox that's also available as a very well working 64-Bit build. The browser is well maintained in terms of security updates; the only recent change is that it does no longer sync with "Firefox Sync" but only with their own Palemoon "Weave sync". This is a result of the forking away from Mozilla's code-base.Alternatively you can use, at the time of writing, Firefox 33 Alpha. The nightly trunk contains a "win64-x86_64" version (en-US only), but you well better don't consider that one a stable daily driver.You could also try to use Chromium (chromium.woolyss.com/download/), but that 64-Bit builds are also best considered non-stable.If you want, or need, a stable 64-Bit browser you best run with Pale Moon.
still no update on a lot of machines here. and the best of all: even if this fucking plugin will update it's done on per user not per system. why to hell can we install this fucking browser systemwide when plugins gets update per user?time to put this fucking browser to the trash and switch back to firefox. they know what they are doing. google becomes more and more a nightmare.
Debacles like this are why I prefer Mozilla Firefox. (FYI: The clever among us can update PepperFlash on Linux by grabbing it from Chrome beta.)
Stuart,I was tempted to simply take the updated pepflashplayer.dll and replace all instances of the older version of the .dll, but I'm concerned that's not the only file that needs to be updated. I'm also not sure if my Windows 7 version of the .dll is the same exact file for Windows 8 (I have a Win 8.1 system that still has not received the update after leaving it on most of last night).It would be wonderful if someone from Google would actually post here advising us of the appropriate steps to get updated, but sadly it looks as if they just don't give a ----.
What's even more troubling is that you can't seem to even get it from Adobe directly. I went to:http://get.adobe.com/flashplayer/?fpchromeAnd downloaded the installer, which did absolutely nothing to the version Chrome was using.Ridiculous!
Here's an update. Downloading the installer direct from Adobe (see url above) will work, but with the following caveat. Once installed, you'll now have two flash players available to Chrome that show up in chrome://plugins. The first will be the old .125 vulnerable version. Disable that one and simply use the new .145 version.
@MarkM Thanks for that tip, I actually got 126.96.36.199 using your tip, I disabled the first one which was .125 and the second one was .146 see here http://screencast.com/t/CqjdE4RRJO
FINALLY!!! Received 145 @ 6:30p.m. Hope this does not happen to often. Had to disable 125 and enable adobe 145 in the interim. I'm with everyone else that believes this "component" route to flash updates (or anything else) is total crap!Google... please read, think, and listen to your users.
I have turned off IE, and installed chrome again. Because even though Chrome team screwed up on this patch tuesday with it's damned components update, I am just so used to using chrome, and chrome is good, fits right in my laptop setup. Surprisingly I didn't have to set it up again after intallation, i just entered my google credentials and my settings, add-ons and bookmarks were there. I wish components update would work as seamless as synch.:) But to my deep regret flash ver. was still 125. I just left chrome open for like 7 hours or so, checked again, and what you think? Still 125. I said to myself, ok, screw it, and just kept browsing, then without a shadow of hope I checked the version, and yes it was 145!! Miracle! Ok my conclusion is, Chrome is a good browser, but guys from google, you want chrome to be number one then listen to the what your customers say, total ignore and disrespect of you, I and and anyone who posted here didn't expect that.
Karen, it sure would be nice to get even one response from Google to this 50+ post thread.Our Windows systems finally updated (after 5 days of exposure). I'm not sure if it was due to the users repeatedly clicking "check for updates" on the chrome://components page, or them repeatedly re-launching the browser, going to "About Google Chrome", etc., or if the update would have happened on its own.That leaves Chrome on our Linux systems still running the vulnerable .125 version. Adobe says that .145 is current for Chrome on Linux. See:https://www.adobe.com/software/flash/about/PS This component upgrade method really sucks.
I keep praying for one of these Flash updates to fix WWE Network no longer working. It had worked for months and then suddenly ceased to load videos whether they were on demand or live.It even worked when I first hooked up my Chromebox, and then after the updates and everything, it went back to not working.Pepper Flash really is atrocious.
what an epic fail. since tuesday google is not able to deploy the flash plugin to anyone. even if you got the update it's only user based not machine base. i hope adobe stops this and start itself to make everthing for all browsers. even microsoft is able to do this in a timely manner. but not google.
I have a question for Google's legal division:This very blog implies that end users need not do anything to be automatically updated to the secure version of Pepper Flash. In fact, this blog refers and links to Adobe's security bulletin, which provides: "Adobe Flash Player 188.8.131.52 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 184.108.40.206 for Windows, Macintosh and Linux."Having made this public representation, doesn't Google's legal team think that there would now be a duty on the part of Google to live up to that representation and not instill upon the public the false sense of security? Another question for the legal team assuming the first question would be answered in the affirmative: Do you think that considering the patch has been available for days now yet apparently many (perhaps most?) Chrome users are still vulnerable, that Google has breached its duty, and therefore would be held liable for any damages Chrome users would incur as a result of the breach?Would love to know Google's attorneys' answer to those questions.In any event, I think it's clear that Google has acted irresponsibly, and Google's lack of involvement in this thread shows that it really doesn't care about security or its concerned users. Very disappointing since I have relied upon and recommended Chrome to most all my friends, family and colleagues.
I'm actually fortunate in that I hav many computers at my disposal to test. One of the multi-user-account systems has the "Alternate" install of Chrome for all users (see: https://support.google.com/chrome/answer/126299 ), in which the default path to the Pepper Flash .dll is here: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\When this system's admin account received the update though, it placed the update the the admin account's local AppData, which of course cannot be accessed by the other user accounts.Thus, I suspect the other user accounts might never get the update. I've manually copied the new 220.127.116.11 pepflashplayer.dll into the appropriate shared directory (overwriting the vulnerable 18.104.22.168 version) and, although chrome://plugins still reports 22.214.171.124, Adobe reports running 126.96.36.199.I'll let you know if the non-admin account ever updates officially however, I suspect that it will not and that users of the alternate Chrome install cannot at this time rely upon component update system. Would really be nice if someone with half a brain from Google (perhaps someone other than post-and-run Karen Grunberg) can confirm my hypothesis.
That's very smart, Mark. You may have hit the key point. In which case the responsible Google team has really dropped the ball here, twice. For not understanding or _testing_ the consequences of their no doubt considered 'neat' move to change how updates work, first. And then to go silent as rabbits, when things don't turn out as they expect, and real customers let them know that. Where's the partnership, vs. the 'social' politics Google is now infamous for?
Chrome autoupdated flash plugin to 188.8.131.52 but after that comes the "could not load Shockwave flash" notice...
This blog post:http://bovitron.com/blogostu/2014/07/10/installing-pepperflash-14-0-0-145-for-chrome-35-0-1916-153-on-slackware-14-1/shows how (on Slackware) to get the PepperFlash version 184.108.40.206 Files from the Beta rpm installer into Chromium for Linux. I run Ubuntu 14.04, so my route was as follows:Download the Beta Installer as the rpm package.Using File Roller or Archive Manager, extract the required files from the rpm package and save the extracted files somewhere (I used my desktop in Unity).We will need only two extracted files:libpepflashplayer.so andmanifest.json Both are found inside the Chrome Beta installer under./opt/google/chrome/PepperFlash/(Yes, the Top-Level Folder as seen by the Archive Manager is labeled simply ".")Copy (using gksu Nautilus, as this must be done as Root) the two files needed to both the PepperFlash Nonfree Plugin Folder and the PepperFlash Nonfree Installer Folders (The MAnifest is really only needed in the Instaaller Folder).(/usr/lib/pepperflashplugin-nonfree and /usr/lib/pepflashplugin-installer)I rebooted and restarted Chromium for safety.Chromium still displays in chrome:plugins the .125 version number. But when tested at the three Adobe Test Pages, the PepperFlash version was revealed to be the .145 upgrade, just as it should be. All security requirements should now be met, even if Chromium itself doesn't know we have updated PepperFlash. By Gawd, I wish Google would get up to speed with this issue, but the workaround does work for me. Save this post in your notes, folks, as I strongly suspect that we haven't seen the last of these "Component Route" updates by a long shot!
i d-loaded stable earlier today. no flash 145 yet.
oops, forgot to ask... will flash update if it is disabled or in click to play mode?????in chrome>components, click on update pepper > nada.
My Chrome on my main PC has finally updated. Weordly it was only a ffew ours after I disabled pepper flash so I'd be using the firefox plugin instead. But now they are both 220.127.116.11.
Online Business with hourly profit, Just Invest and RestAllTimeProfit.com
Update: My method was incomplete. There's one last cosmetic step to take.Using any Editor with Root privileges, edit /usr/lib/pepflashplugin-installer/pepflashplayer.sh to read the current version where listed in the file. It only appears once, and it's a short file. Now everything's in sync and up to date. Chromium now displays in chrome:plugins the .145 version number. When tested at the three Adobe Test Pages, the PepperFlash version was revealed to be the .145 upgrade, just as it should be. All security requirements should now be met, and Chrome itself knows it has had the update.
Well, it finally updated. Sunday morning wee hours, as it wasn't there Saturday evening. I'm now debating whether to block this Pepper version, debating between its possible security advantages when up-to-date, and Google's woeful risking of my computer by not keeping it up-to-date.You really could do some good by telling us how you are making sure you won't repeat what happened here, Google.
Zeke... your question "will flash update if it is disabled or in click to play mode?????". Yes, I had pepper 125 disabled and Adobe 145 enabled when I got the update. All I had to do was disable Adobe, enable pepper, and all was fine...
Thanks Mr. Hubbardim on mac. do not use adobe standalone. i only use chrome's pepper.still not updated.not using chrome until pepper is updated. :(d-loaded stable today. d-loaded yesterday too. the stable d-load still comes with .125 :( :(thanks.Z
Tired to wait for pepper-flash auto update to ".145" for FIVE days with no success.I've found a method to update it manually:1) Run the chrome portable on-line installer and select the Canary version (because this version comes with pepflash 18.104.22.168)2) When portable installer finishes, uncheck "Run chrome portable" and exit it3) Look inside ChromePortable canary for the folder PepperFlash (containing pepflashplayer.dll & manifest.json) and copy it, for example, to root (C:)4) Now create a shortcut to launch chrome stable (installed or portable version) with this command lines (append it leaving one space after the .exe):--ppapi-flash-path=C:\PepperFlash\pepflashplayer.dll --ppapi-flash-version=22.214.171.124(avoid spaces in folder names)5) Now check if chrome picked up the new pepper flash from...adobe's website:http://www.adobe.com/software/flash/about/or:chrome://plugins/
Marcelothanks but im not very tech savyquite basicpepper not updated yet. the time this is taking is a bit worrisome. if the vulnerability is severe...best keep pepper disabled.i've tried chrome://components update but nothing happens when i press da button. im on stable.ill have to be patient&wait, with pepper disabled.
@zeke: Sorry, I see you are on MAC and this method is only for Windows.Also works replacing PepperFlash from Canary into Stable (no command line needed), but Chrome will show wrong version in chrome://plugins/ but not at adobe test version page
interesting...i run chrome in a guest account (mac)the chrome @ guest account was updated to .145 but chrome @ admin account is not, still on .125
I JUST RE-INSTALLED CHROME AND EVERYTHING IS UP TO DATE.. PEACHY!!
jeanluc,re-installed and now both admin and guest chromes are .125 (chrome guest acc updated yesterday but admin did not) this component update is very very irritating.not peachy at all.
Flash Shockwave Player constantly crashes with this version. Why do I feel like I am a guinea pig with the "stable"version?
About the time of this update, shockwave flash objected in PowerPoint broke across several computers I use. I wonder if it is related?
What about Chromebooks now?On Mac and Windows the update took place (even if very late).On my Samsung Chromebook nothing happened and chrome://components does not apply on Chromebooks!
Today is July the 17 and my Chrome on OS X 10.9.4 is still using the old version 125 of the pepper flash plug-in, what's going on here?This component update seems to be buggy, otherwise it should be Flash version 145 since some days now!
Both my Windows and Linux Chrome installations have today updated themselves to 36.0.1985.125 which includes pepper flash 126.96.36.199.
As it has been a few weeks since Chrome did this oh so wonderful 'update' / system still crashing at times, oh Google SHAME ON YOU again!!!
At the end on my MacBook with 10.9.4 Mavericks my Google Chrome also updated to the actual version 36.0.1985.125 two days ago and now the integrated Flash is version 188.8.131.52 ... But now we know, this component-update never worked!
Post a Comment