Straight from the release notes,

Google has released update patches for the several exploits in the initial release of Google Chrome.

Fixes a buffer overflow vulnerability in handling long filenames that display in the “Save As” dialog. This is a critical risk that could lead to execution of arbitrary code.  See here for fix details.

Fixes a buffer overflow vulnerability in handling link targets displayed in the status area when the user hovers over a link.  This is a critical risk that could lead to execution of arbitrary code.  The issue was reported privately to Google.  Fix details here.

Fixes an out of bounds memory read when parsing URLs ending with :%.  This is a low risk that can be used to crash the entire browser, possibly causing loss of data in the current session. Fix information here.

The update also changes the default Downloads directory if it is set to Desktop to ensure that Desktop cannot be the default. This mitigates the risk of malicious cluttering of the desktop (aka carpet bombing) with unwanted downloads, which can lead to executing unwanted files.

Schwing!