Less than 24 hours after a Russian hacker pocketed $60,000 by exploiting a previously unknown critical vulnerability in Google Chrome, company developers released an update removing the security threat.

The quick turnaround underscores one of the key advantages of Google's open-source browser: the speed in which highly complex bugs are fixed and updates are pushed out to users. By contrast, Microsoft, which must run updates through a battery of rigorous quality-assurance tests, often takes months to fix bugs of similar complexity.

A post published Thursday morning to the Google Chrome Release blog said technical details will be withheld until a majority of users have actually installed the fix. For now, it described the vulnerability as an "UXSS and bad history navigation" issue and identified it as CVE-2011-3046.

Even after a more detailed description is published, it's likely some characteristics will be withheld. Chrome is based on the WebKit, the same browser engine powering Apple Safari and many mobile browsers. Google researchers will likely be reluctant to provide information making it easier for hackers to compromise users of those systems until they've been updated as well.

Security researchers and developers will be eager to learn how Sergey Glaznov managed to remotely execute a payload of his choosing. The attack is impressive, because it exploited code native to Chrome in order to pierce the browser's vaunted security sandbox (which isolates Web content in a highly restricted perimeter that's separated from sensitive operating system functions). To date, most successful attacks against Chrome exploit Adobe Flash, which is protected by a significantly more porous sandbox.

Glaznov's bug was submitted to the Google-sponsored "Pwnium" contest, which is being held at the CanSecWest security conference. It pays as much as $60,000 to competitors for submitting the most severe bugs. A few feet away, the Pwn2Own contest is also taking place.