Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Chrome browser versions prior to 6.0.472.59. Microsoft engineers discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Google Inc. Google Inc. has remediated the vulnerability.
A sandboxed remote code execution vulnerability exists in the way that Google Chrome attempts to reference memory that has been freed. An attacker could exploit the vulnerability to cause the browser to become unresponsive and/or exit unexpectedly, allowing an attacker to run arbitrary code within the Google Chrome Sandbox. The Google Chrome Sandbox is read and write isolated from the local file system which limits an attacker.
Microsoft Vulnerability Research reported this issue to and coordinated with the Chromium Project and the Google Security Team to ensure remediation of this issue. This vulnerability has been assigned the entry, CVE-2010-1823, in the Common Vulnerabilities and Exposures list. For more information, including information about updates from Google, see Google Chrome Releases: Announcements and release notes for the Google Chrome browser.