The Enterprise Security Supersite
Chrome's 'Save As' Flaw Could Give Attackers Control
By Jennifer LeClaire
September 8, 2008 8:17AM

Google's new Chrome browser is vulnerable to a remote-control attack, Vietnam-based researcher Bach Khoa Internetwork Security says. Bach Khoa said a total of four Chrome vulnerabilities were discovered, and Google reportedly has issued a patch. An analyst said the vulnerability in Google's Chrome isn't surprising since it's a beta product.
 


Bach Khoa Internetwork Security, a security-research firm in Vietnam, claims to be the first to discover a critical vulnerability in Google's Chrome browser.

"This is the first critical Chrome vulnerability permitting [a] hacker to perform a remote code-execution attack and take complete control of the affected system," the firm wrote in its Sept. 5 advisory. While four Chrome vulnerabilities were discovered, Bach Khoa said the "Save As" flaw is the only one that can allow an attacker to launch remote attacks from a victim's PC. Other vulnerabilities just crash the browser.

The vulnerability is caused by a boundary error when handling the "Save As" function. When a user saves a malicious page with a title tag in the HTML code, the program causes a stack-based overflow, according to Bach Khoa. A hacker could construct a specially crafted Web page that contains malicious code, trick a user into visiting that Web site, and convince the user to save the page. That will execute the code and give the attacker privileges to remotely use the infected system.
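The class of bug described above, as an added example that is not Chrome's code and does not appear in the advisory: it assumes, for illustration, that a page title is copied into a fixed-size stack buffer to build a suggested file name. The function names, the 64-byte buffer and the ".htm" extension are hypothetical; the unbounded copy is shown beside a bounded version that truncates and reports it.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64              /* assumed size of the fixed file-name buffer */
static const char EXT[] = ".htm";

/* Unsafe pattern, for contrast only (never called here): the title length
   is not checked, so a long <title> writes past name[] on the stack. */
size_t name_len_unsafe(const char *title)
{
    char name[NAME_BUF];
    strcpy(name, title);         /* boundary error */
    strcat(name, EXT);
    return strlen(name);
}

/* Bounded version. Writes at most out_size bytes including the NUL.
   Returns the name length, or -1 for bad arguments or an empty title.
   *truncated is set to 1 when the title did not fit. */
int suggest_name(const char *title, char *out, size_t out_size, int *truncated)
{
    size_t room, i;

    if (!title || !out || !truncated || out_size < sizeof EXT + 1 || !title[0])
        return -1;
    room = out_size - sizeof EXT;    /* sizeof EXT counts the NUL */
    for (i = 0; i < room && title[i] != '\0'; i++) {
        unsigned char c = (unsigned char)title[i];
        /* path separators and control bytes have no place in a file name */
        out[i] = (c < 0x20 || c == '/' || c == '\\' || c == ':') ? '_' : (char)c;
    }
    *truncated = (title[i] != '\0');
    memcpy(out + i, EXT, sizeof EXT);
    return (int)(i + sizeof EXT - 1);
}

int main(void)
{
    char longtitle[5001], out[NAME_BUF];
    int cut, n;

    memset(longtitle, 'A', 5000);    /* constructed oversized title */
    longtitle[5000] = '\0';
    n = suggest_name(longtitle, out, sizeof out, &cut);
    printf("len=%d truncated=%d name=%s\n", n, cut, out);
    return 0;
}
```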

Google said a patch has been released and browsers would be updated automatically.

Zeroing in on Chrome

No one should really be surprised by the news of flaws in Chrome, according to Graham Cluley, a senior security consultant at Sophos. Any Google software release is likely to attract a lot of attention from security researchers, he said, all keen to discover if a problem can be found amid all the hoopla of a new product launch.

"The good news is that all the signs are that Google's security team is aware of the importance of securing their applications -- be they on Internet users' hard disks or on the Web -- and appears to work hard to respond rapidly to threats as they emerge. This is always harder, of course, if flaws are not disclosed responsibly," Cluley said.

What's important is for people to realize that Chrome is still a beta product, Cluley said. Indeed, Google Chrome isn't even version 1.0. Although many will be curious as to what a Google browser might look like and how it might perform, he noted, it would be foolish to put full confidence in a brand-new browser without properly testing it.

"And as it's a beta, it would be wrong of us to beat Google up too much for shipping a product which has vulnerabilities," Cluley argued. "The problem is that the general public perhaps doesn't understand the difference between a beta and a finished, shipping product."

Expect More Vulnerabilities

As Cluley sees it, millions of people will be trying out Chrome either through curiosity or because they are genuinely looking for an alternative to market leaders Internet Explorer or Firefox.

"You can imagine how that could cause a headache for an IT department trying to do a good job of supporting users throughout the enterprise," he said. "For that reason, we expect to see companies tightening policies as to which browsers are allowed to be used inside the company, and using technology to control applications."

With Google now emerging as a player in the browser market, Cluley predicted more vulnerabilities and flaws will emerge in the future. As with other browsers, he noted, it will be important for Chrome users to keep their systems up to date with the latest security patches and updates.
 
