Google fixes severe security vulnerability in Chrome browser

Google has released a new version of its Chrome browser to fix a "high severity" security problem.

An error in handling certain URLs in Google versions cross-site scripting (XSS) without user interaction, said Mark Larson, Google Chrome program manager.

"If a user has Google Chrome installed, visiting an attacker-controlled web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice," he said.

According to Larson, such an attack only works if Chrome is not already running.

XSS attacks can make a web browser process unauthorised code such as JavaScript to carry out a variety of other attacks such as stealing personal information.

The Chrome vulnerability was reported to Google by Roi Saltzman, a security researcher at IBM Rational Application Security Research Group.