The flaw could enable remote code execution, although Chrome’s sandbox is designed to prevent attackers from executing malicious code.
Mozilla security analyst Christian Holler was paid a $1,000 bug bounty for reporting the vulnerability.
The update, Chrome 15.0.874.121, is available for Windows, Mac, Linux, and Chrome Frame platforms. It also addresses a regression bug that causes SVG elements loaded within iframes to ignore specified dimensions.
This is the second Chrome update this month. On Nov. 10, Google fixed seven Chrome bugs, five of which were labeled high risk.
Last month, Google plugged 18 security holes with the release of the Chrome 15 browser and doled out more than $26,000 in bug bounties.
The company fixed 11 high-severity, three medium-severity, and four low-severity flaws. The high-severity flaws included URL bar spoof in history handling, cross-origin policy violations (for which Sergey Glazunov received a hefty $12,174 bounty), various use-after-free issues, and heap overflow in Web Audio.
Google paid over $26,000 in bounties to researchers, including $13,674 to Glazunov and $10,337 to "miaubiz".