Under normal circumstances such a vulnerability would allow remote code execution and would be considered critical. However, because Google Chrome uses a native sandbox that prevents attackers from executing malicious code, the severity of the bug was downgraded.
The vulnerability was discovered by Mozilla security engineer Christian Holler, who was paid US$1,000 through the Chromium Vulnerability Rewards Program for reporting it.
The new Google Chrome 15.0.874.121 for Windows, Mac and Linux also addresses a non-security issue that causes SVG elements loaded within iframes to ignore specified dimensions. This is a regression introduced by recent code modifications.
Home users are advised to upgrade to the new version by using the built-in Chrome update mechanism, which can be triggered by restarting the browser. Corporate network administrators can deploy it by using the Google Update for enterprise policy.