Under normal circumstances such a vulnerability would allow remote code execution and would be considered critical. However, because Google Chrome uses a native sandbox that prevents attackers from executing malicious code, the severity of the bug was downgraded.
[ Get your websites up to speed with HTML5 today using the techniques in InfoWorld's HTML5 Deep Dive PDF how-to report. | Learn how to secure your Web browsers in InfoWorld's "Web Browser Security Deep Dive" PDF guide. ]
The vulnerability was discovered by Mozilla security engineer Christian Holler, who was paid $1,000 through the Chromium Vulnerability Rewards Programs for reporting it.
The new Google Chrome 15.0.874.121 for Windows, Mac, Linux, also addresses a non-security issue that causes SVG elements loaded within iframes to ignore specified dimensions. This is actually a regression bug introduced by recent code modifications.
Home users are advised to upgrade to the new version by using the built-in Chrome update mechanism, which can be triggered by restarting the browser. Corporate network administrators can deploy it by using the Google Update for enterprise policy.