Under normal circumstances such a vulnerability would allow remote code execution and would be considered critical. However, because Google Chrome uses a native sandbox that prevents attackers from executing malicious code, the severity of the bug was downgraded.
The vulnerability was discovered by Mozilla security engineer Christian Holler, who was paid US$1,000 through the Chromium Vulnerability Rewards Programs for reporting it.
The new Google Chrome 15.0.874.121 for Windows, Mac, Linux, also addresses a non-security issue that causes SVG elements loaded within iframes to ignore specified dimensions. This is actually a regression bug introduced by recent code modifications.
Home users are advised to upgrade to the new version by using the built-in Chrome update mechanism, which can be triggered by restarting the browser. Corporate network administrators can deploy it by using the Google Update for enterprise policy.