Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html