The claim in the advisory:
... we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP.Good find VUPEN! Gratz on taking down Big G's Chrome! Your advisory looks like a Jedi Mindtrick though - "We have the vulnerability you're looking for". Again, I ask you "Where's the Beef, good sirs?" And while you're at it, please explain your intent behind disclosing without Proof of Concept code and lack of vendor contact.