Google has published a update to its Chrome browser that addresses a newly discovered high risk security hole.

Chrome version 3.0.195.24 sorts an error in processing long floating point numbers that creates a means for hackers to execute malware within the Google Chrome sandbox. The flaw in the dtoa() component of Chrome's engine is of a type that might lend itself to drive-by download attacks, as explained in Google's advisory here.

Although any malware would only run inside Chrome's sandbox, Google still defines the flaw as "high risk". Security notification firm Secunia goes further and describes the flaw, discovered by Maksymilian Arciemowicz of SecurityReason (advisory here), as "highly critical". ®

Related stories

• Firefox and Chrome updates spike stability bugs (6 November 2009)
• Google wheels out Chrome, Wave updates (3 November 2009)
• Google edges closer to Mac version of Chrome browser (15 October 2009)
• Chinese whispers hint at early Chrome OS release (2 October 2009)
• SSL spoof bug still haunts IE, Safari, Chrome (1 October 2009)
• Mozilla sides with Microsoft against Google IE (29 September 2009)
• Updated Microsoft howls as Google turns IE into Chrome (24 September 2009)
• Google bolts 'stable' Chrome 3 onto interwebs (16 September 2009)
• Google applies patch to nasty Chrome vulns (26 August 2009)
• Google polishes another Chrome beta (6 August 2009)