The problem, which was discovered earlier this month, would have allowed an attacker to launch and run scripts of their choosing on a compromised machine.
Google said today that the issue, which was discovered and reported by Roi Saltzman of the IBM Rational Application Security Research Group in March, had a 'High' severity rating.
According to Mark Larson, Chrome programme manager, the flaw "could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker's choice", if they visited a maliciously coded web page in Internet Explorer.
In his initial report, Saltzman wrote, "Using three separate issues that reside in various parts of Google Chrome a malicious attacker can craft powerful attacks that endanger any user that browses a malicious site using Internet Explorer and has Google Chrome installed.
"[The issues] may result in highly dangerous attack vector as demonstrated in the attack vectors section.
The most severe impact of the vulnerabilities described in this document is achieving a successful Cross-Site Scripting attack on an arbitrary site.
An XSS attack enables numerous other attacks: an attacker could steal a victim's cookies, steal saved form filler data, modify user-browsing experience and facilitate phishing attacks."
Google said that although Chrome would update itself automatically on user machines, some human intervention, in the form of a manual shutdown and restart, would be necessary.
.jpg&h=140&w=231&c=1&s=0)
iTnews State of Security Breakfast
iTnews State of Data & AI Breakfast
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
Security Exhibition & Conference
_(1).jpg&h=140&w=231&c=1&s=0)
