Google Chrome Browser version 0.2.149.27 suffers from a SaveAs-related buffer overflow and another denial of service vulnerability. Exploits for both are included in the tarball. PoC-XPSP2.html demonstrates the overflow by launching calc.exe and PoC-Crash.html demonstrates the crash.
c37f95b0bce91d2b52332c905f8fa6450d91a63b82a913cb363d098f8c9d60c2