First, Rishi Narang, who is part of the EvilFingers security portal, identified a denial-of-service vulnerability that has crashed the Chrome browser when tabs are open during an Internet session.

A second proof-of-concept vulnerability also emerged on Wednesday that allows a malformed URL to crash or "carpet bomb" the Chrome browser. This exploit was discovered when independent researcher Aviv Raff figured out that he could combine two vulnerabilities -- a flaw in Apple Safari (WebKit) and a Java bug discussed at this year's Black Hat conference. His exploit tricks users into launching executables directly from the new browser.

Google's Chrome browser is partly based on open source software components used in Mozilla's Firefox and Apple's WebKit. The malformed URL vulnerability is based on the WebKit problem that similarly affected Apple's Safari browser. Apple has since patched Safari, but Google is using a version of the WebKit that is vulnerable to this kind of attack, experts say.

Debates across the IT security community have noted that Microsoft Internet Explorer 8, currently at Beta 2, comes with a bevy of security and privacy functions. Meanwhile, Google, observers say, is far more likely to press for a release that does not meet the more stringent security requirements that IT pros in the enterprise space are used to seeing.

"As was the case a decade ago at Microsoft, inside of Google, marketing still appears to carry a much bigger stick than the security folks do," said Randy Abrams, director of technical education at San Diego-based security software company ESET. "This makes it impossible to place the proper emphasis on security. As a result, Google will be responding to flaws much more often than proactively preventing vulnerabilities."