[thrillgore]

My understanding is that Chrome for Flash uses Pepper (a NaCl extension) for its plugin support so its not a vector for attack. You can always turn it off from chrome:plugins.

[wnevets]

>plugin support so its not a vector for attack.

I wanna say this is untrue, I vaguely recalling an exploit within the past month or so.

[cpeterso]

Hacking Team’s Flash 0-day: Potent enough to infect actual Chrome user

http://arstechnica.com/security/2015/07/hacking-teams-flash-...