Google has released security patches to fix multiple high severity vulnerabilities in the Chrome browser.

In an update, Google Chrome engineering program manager Jonathan Conradt announced that two patches were being released that were part of the Chrome 2.0.172.43 update sent automatically to users, which include two rated 'high severity' and one 'medium risk'.

CVE-2009-2935 updates a flaw in the V8 JavaScript engine that ‘might allow specially crafted JavaScript on a web page to read unauthorised memory, bypassing security checks. It is possible that this could lead to disclosing unauthorised data to an attacker or allow an attacker to run arbitrary code'.

The discovery of the issue was credited to Mozilla and rated as high severity, as an attacker might be able to run arbitrary code within the Google Chrome sandbox.

Conradt wrote that a victim would need to visit a page under an attacker's control and any code that an attacker might be able to run inside the renderer process would be inside the sandbox.

Google has also released the CVE-2009-2414 and CVE-2009-2416 patches, which affect stack consumption vulnerability in libxml2 and multiple use-after-free vulnerabilities in libxml2 respectively.

Conradt claimed that the vulnerabilities could lead to pages using XML causing Google Chrome tab process to crash. This was also rated with high severity, as an attacker might be able to run arbitrary code within the Google Chrome sandbox.

Again, a victim would need to visit a page under an attacker's control and any code that an attacker might be able to run inside the renderer process would be inside the sandbox.

Graham Cluley, senior technology consultant at Sophos, said: “Google's Chrome web browser may be some way off dominating the competitive browser market, but it still has its ardent fans.

“Although nothing like as widely used as Internet Explorer or Firefox, it's perfectly possible that users inside your organisation have unilaterally chosen to use Chrome as their default browser if you haven't implemented a policy to control which program your staff use to surf the net.”