Finding vulnerabilities isn't so much of an issue as having the vendor patch them quickly.  This has already been patched by Google.  I remember the days when Internet Explorer went unpatched for what like 2 years or 4 years at a time.  I just hope no one thinks that Microsoft is proving anything by finding software vulnerabilities in Chrome Frame.  Vulnerabilities will always exist - responsible vendors who patch quickly, those are the rarity.