[freehunter]

If it takes buying new hardware and the risk is minimal (how much personal information is stored on the device?) then it doesn't matter too much.

[magicalist]

Then just run the non-updating version of Chrome?

[alyandon]

Chrome won't be getting updates and I'm assuming that means no security updates for the version of flash bundled with Chrome.

[magicalist]

Flash can be upgraded independent of Chrome (and it's not entirely clear why you're worried about sites sending exploits via Flash but not about those sites using the numerous RCE exploits that have been released for 10.7 but not patched).

[alyandon]

Yes, I know that Flash can be manually kept up to date. However, it's nice to have Google taking care of that issue via updates to Chrome.

Regardless, for me it's more about risk management. What's the more likely scenario? That an attacker compromises my internal network in order to launch attacks on my son's OS X box to compromise it via some known service exploit or an attacker serving malware that targets Flash vulnerabilities via a compromised host or ad network?

I tend to read more about the latter category than the former.