CVE-2025-6192
Google · Chrome
A use-after-free vulnerability exists in the Metrics component of Google Chrome, which may allow arbitrary code execution.
Executive summary
A high-severity use-after-free vulnerability in Google Chrome could allow an unauthenticated attacker to execute arbitrary code or cause a system crash.
Vulnerability
This is a use-after-free memory corruption vulnerability located within the Metrics component of the browser engine. The flaw can be triggered by a specially crafted web page, potentially allowing an unauthenticated remote attacker to gain control of the application process.
Business impact
With a CVSS score of 8.8, this vulnerability poses a significant risk to organizational security. Successful exploitation could lead to full system compromise, data theft, or the installation of malicious payloads on end-user workstations, resulting in severe reputational and operational damage.
Remediation
Immediate Action: Update all instances of Google Chrome to the latest version provided by the vendor.
Proactive Monitoring: Monitor endpoint security logs for abnormal browser process behavior or unexpected crashes that may indicate exploitation attempts.
Compensating Controls: Deploy endpoint detection and response (EDR) solutions to identify and block suspicious child processes spawned by the browser.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the severity of this browser-based vulnerability, organizations must prioritize patching. Administrators should enforce an immediate update policy across the enterprise to mitigate the risk of remote code execution.