Google has pushed out a patch for two severe vulns found in its Chrome browser.

Mountain View released Chrome 2.0.172.43 yesterday that fixes an attack on Google's V8 JavaScript engine.

The patch additionally closes a security hole on pages carrying XML-encoded information that could cause a browser tab to crash, allowing an attacker to run arbitrary code within the sandbox.

The company's engineering program manager Jonathan Conradt noted in a blog post that details of the vulns won't be released by Google until "a majority of users are up to date with the fix."

Additionally the patch fixes a medium-rated flaw in the browser. ®

Related stories

• Google Chrome bug outs users seeking anonymity (14 December 2009)
• Google Chrome update fills in parsing bug (2 October 2009)
• Google bolts 'stable' Chrome 3 onto interwebs (16 September 2009)
• Firefox update quells quartet of security vulns (10 September 2009)
• Poor porn protection hurt Firefox 3 uptake (26 August 2009)
• 64-bit Chrome takes centre stage in Linux land (21 August 2009)
• Microsoft's web Office: No love for Chrome, Opera (11 August 2009)
• Google polishes another Chrome beta (6 August 2009)
• Mozilla squashes critical bugs in Firefox (4 August 2009)
• Mozilla makes rough notes on Firefox 3.6 (30 July 2009)
• Google puts Chrome updates on Courgette-only diet (16 July 2009)
• Chrome OS: Windows killer? (15 July 2009)