Whitehats Subvert Google Chrome Sandbox
The exploit, according to Vupen, "bypasses all security features."
Vupen has not provided specific details of the attack. According to Computerworld, a user could be tricked into visiting a maliciously coded website that would execute the exploit. The vulnerabilities were exploited using Chrome 11 running on a Windows 7 machine, using two different exploits.
Google has not commented, except to say:
We're unable to verify Vupen's claims at this time as we have not received any details from them.