A memory corruption issue, labeled "Severity: High" by Google, existed in WebKit and could have caused arbitrary code execution in the Chrome sandbox, which is designed to run applications in restricted environments to prevent exploits, according to a post on the Google Chrome Releases blog.
Another security issue was manifest in WebKit's handling of "drag events," in which a user clicks on the mouse and drags it somewhere else before releasing, that could have led to the disclosure of information when content was moved over a maliciously crafted web page.
“An attacker might be able to read data belonging to another website, if a user can be convinced to select and drag data on an attacker-controlled site," said Mark Larson, Google Chrome program manager.
In a separate development, Google on Wednesday announced patches for security issues in a "dev version" of its Chrome browser. But Google withdrew the updates an hour later.
Google Chrome 18.104.22.168 had been released to the development channel for Windows, Mac OS X, and Linux, according to an announcement on a Google Chrome Releases blog. But later it was withdrawn because it caused numerous crashes on testers' machines.
In a note posted on the blog, Larson said: “I'm stopping the update of this build. Apologies to those who've already got the update. We'll push a fix as soon as we can [on Thursday].”