Vupen has not provided specific details of the attack. According to Computerworld, a user could be tricked into visiting a maliciously coded website that would execute the exploit. The vulnerabilities were exploited using Chrome 11 running on a Windows 7 machine, using two different exploits.
Google has not commented, except to say:
We're unable to verify Vupen's claims at this time as we have not received any details from them.