[magicalist]

Flash can be upgraded independent of Chrome (and it's not entirely clear why you're worried about sites sending exploits via Flash but not about those sites using the numerous RCE exploits that have been released for 10.7 but not patched).

[alyandon]

Yes, I know that Flash can be manually kept up to date. However, it's nice to have Google taking care of that issue via updates to Chrome.

Regardless, for me it's more about risk management. What's the more likely scenario? That an attacker compromises my internal network in order to launch attacks on my son's OS X box to compromise it via some known service exploit or an attacker serving malware that targets Flash vulnerabilities via a compromised host or ad network?

I tend to read more about the latter category than the former.