The problem wasn’t in the plugin itself but in the remote script called by the plugin.
In the meanwhile you removed and added again the plugin the remote script has been cleaned by the author directly on the CDN that serves that file.
The reason only Chrome was affected is that, looking at the source code (as I mentioned here: http://stackoverflow.com/questions/18811975/malware-update-flash-player-exe-found-in-http-vjs-zencdn-net-c-video-jsver-3), malicious code checked for browser name and executed only if Internet Explorer or Chrome was used.
The cause was a compromised script included into your page.
The inclusion code in your page is:
<script type='text/javascript' src='http://vjs.zencdn.net/4.0/video.js?ver=3.6.1'></script>
The script’s author promptly cleaned the file as you can read on his blog:
– http://blog.videojs.com/post/61309840958/unauthorized-modification-of-video-js-cdn-files
So the bottom line is that the problem has been solved.
