In addition to the two critical security flaws, a third security flaw was rated high, and researcher Martin Barbella received a $1000 bounty for reporting it. A fourth flaw was rated low.
Hackers could use the critical security flaws to break out of the Chrome sandbox, according to French security firm Vupen.
“The vulnerabilities…related to GPU and blob handling are typical examples of critical vulnerabilities that can affect Chrome and can be exploited to execute arbitrary code outside the sandbox,” said Chaouki Bekar, Vupen's CEO and head of research, in an email reply to questions submitted by Computerworld.
Bekar noted that there remain Chrome bugs that the firm identified last month that have not been patched. "The recent flaws we discovered in Chrome, including the sandbox bypass, remain unpatched and our exploit code works with version 11.0.696.71, too," he said.
In a May 9 blog, Vupen wrote: “While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox.”
Google has fixed scores of security flaws in its Chrome browser this year. In March, Google fixed 23 security flaws with its Chrome 10 version and doled out $16,174 in bounties to security researchers. In April, it fixed 25 security flaws with its Chrome 11 version.