The following is a video by VUPEN Security that shows the Chrome browser on Windows 7 SP1 being exploited by going to a web page and then loading an executable, in this case the calculator. This shows that any sort of malicious program could conceivably be run just by going to a web page if this is true.
What’s curious is why VUPEN will not disclose what this vulnerability is to Google. If you know an exploit, Google will be pay you a reward for this if it is submitted by a person. Does VUPEN have more to perhaps gain by keeping this exploit a secret and selling it to its government customers as it says it is going to?
Let us know in the comments.