Google has fixed 3 Chrome security holes, two which were rated as high severity, and the other as medium.
The first issue was in the V8 JavaScript engine, which could “allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks.”
The second issue allows poorly formed XML to crash the browser tab. “A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.”
The final bug could allow “sites whose certificates are signed using MD2 or MD4 hashing algorithms … to spoof an invalid site as a valid HTTPS site.”
Thankfully, none of these risks were rated as critical thanks to Google Chrome’s sandbox environment. The update will be pushed out to all current Chrome users.