The update also addresses three medium risk issues, a cross-site scripting bug, an issue that could cause pages to load with privileges of the New Tab page and a local file reference through developer tools. Further details of the vulnerabilities are being withheld until "a majority of users are up to date with the fix".
The first two high risk holes earned a developer going by the name of "kuzzcc" $500 each as part of Google's experimental Chrome Security Reward programme. Launched at the end of January, the programme is aimed at encouraging users to report vulnerabilities in its browser. Subject to committee decision, the standard $500 reward for each bug may be increased up to $1,337 for special cases and particularly critical issues.
Continued here: http://www.h-online.com/security/news/item/Google-closes-vulnerabilities-in-Chrome-4-for-Windows-982745.html
Also See Vulnerabilities/Fixes : Google Chrome Multiple Vulnerabilities