From the “Run Microsoft, infect Google” files:
Google today updated its stable version of the Chrome browser to version 18.104.22.168 to fix a serious security issue. The “funny” thing is the issue is triggered by Microsoft’s Internet Explorer (IE) browser.
The issue is very serious and according to Google could potentially enable something called universal cross-site scripting (UXSS) without a user having to do anything.
According to Google’s bug report on the issue:
When loaded in Internet Explorer, a specially crafted HTML page can launch Google Chrome with an arbitrary URI without requiring any user interaction.