The second fix targets a bug in the V8 JavaScript engine could allow bypassing same-origin checks in certain situations. This flaw was reted High by Google, given that a “malicious script in a page could read the full URL of another frame, and possibly other attributes or data from another frame in a different origin. This could disclose sensitive information from one website to a third party.”
Last but not least, it is rather odd how Google decided to cope with a Hotmail-related error:
“Windows Live Hotmail now works. While the Hotmail team works on a proper fix, we're deploying a workaround that changes the user agent string that Google Chrome sends when requesting URLs that end with mail.live.com.
If you've been using the --user-agent switch to use Hotmail, you can remove the switch from your shortcuts with this release.”