Google has updated its Chrome browser to fix a critical bug that could allow an attacker to execute malicious code on a user's system.
Chrome 18.104.22.168, released on Thursday, fixes a bug in the browser's implementation of the Gears SQL application programming interface (API) that could allow a malicious website to crash the Gears plug-in and possibly execute malicious code on a user's system, Google said in an advisory.
Gears is a Google-directed open-source project that enables offline support and other features for web applications.
The bug could allow a malicious site to use the Gears SQL API to maliciously craft SQL metadata, which could cause a memory corruption, Google said. This could cause the Gears plug-in to crash or possibly allow the execution of malicious code.
Google released further details to developers, but said it will only make the bug fully public once most Chrome users have installed the fix. The company ranked this bug 'high risk'.
The update fixes the problem by adding the file types in question to Chrome's blacklist of potentially dangerous file types, so the user is warned before such files are downloaded.
The security website SecureThoughts.com has published more details on the workings of this bug.
Google is currently at work on version 4 of Chrome, and it released a beta-test version of Chrome 22.214.171.124 last week, including features such as bookmark synchronisation. The company said it is working on a beta-test version of Chrome for the Mac.