Several Google security engineers have countered claims that a
French security company found a vulnerability in Chrome that could
let attackers hijack Windows PCs running the company’s browser.
Instead, those engineers said the bug Vupen exploited to hack
Chrome was in Adobe’s Flash, which Google has bundled with the
browser for over a year.
The bug may not be in Google’s code, but so long as Chrome includes Flash as a bundled (and enabled by default) component, Flash is a part of Chrome. (Via Slashdot, and headline quip from commenter “manonthemoon”.)