The flaw is a combination of two vulnerabilities, a flaw in Webkit rendering engine and a Java bug. Using this flaw a malicious hacker can lure chrome user to download an executable, that gets executed with out warning.
Aviv Raff has setup a demo of the exploit here (this page downloads a Java file to your desktop, but it won’t harm your system, it is just a notepad file), this page shows how malicious hacker can plant malware on Windows desktops.
Google Chrome is using an older version of Webkit (525.13 (Safari 3.1),), Apple fixed this flaw in Safari 3.1.2. Google has talked high on security but used a vulnerable rendering engine, hopefully they will fix it soon.
