VULNERABILITY DETAILS
It is possible to get a lot of information from the victim including cache's and cookies, since iframes automatically download the src if it is a binary file it is possible to put as src any of the files in the computer that contain cache's or cookies or lots more. But the problem is that using a bit of PHP you can upload those files into your server using this piece of PHP code:
file_put_contents("Tmpfile.zip", file_get_contents("file:///path/to/some/important/directory/containing/cookies/or/caches/or/more"));


VERSION
Chrome Version:Newest
Operating System: Macintosh

REPRODUCTION CASE
Create a .php file with something kind of like 
<?php
file_put_contents("Tmpfile.zip", file_get_contents("file:///path/to/some/important/directory/containing/cookies/or/caches/or/more"));
?>

You can use this to get a lot of information you shouldn't be able to get about the victim including files that may affect Chrome related stuff, or information that may affect the computer system itself, this is very dangerous and should be fixed quick.