CVE-2026-10888
Google · Chrome
A Use-After-Free vulnerability exists in the Cast Streaming component of Google Chrome, potentially allowing for arbitrary code execution.
Executive summary
A high-severity Use-After-Free vulnerability (CVSS 8.8) in Google Chrome’s Cast Streaming component can be triggered by a crafted web page and could allow remote code execution in the affected Chrome process.
Vulnerability
This is a memory corruption vulnerability, classified as a Use-After-Free, in Chrome’s Cast Streaming component. A remote attacker who can get a user to load a crafted web page can trigger the flaw; no authentication or user interaction beyond visiting the page is required. Successful exploitation corrupts process memory in a way that can be leveraged for arbitrary code execution.
Business impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected Chrome process, placing the data that process handles (session cookies, saved credentials, page contents) at risk of exfiltration. Chrome’s multi-process sandbox limits what a single memory-corruption bug can reach; full system compromise would typically require chaining this flaw with a separate sandbox-escape vulnerability, and none is described here. The CVSS score of 8.8 (High) nevertheless reflects that exploitation requires only that a user visit an attacker-controlled page, so the risk to organizational confidentiality and integrity is severe.
Remediation
Immediate Action: Update all Google Chrome installations to version 149 or later, the first release this advisory identifies as fixed. Confirm the installed version from chrome://version or from your endpoint management inventory rather than assuming the auto-updater has run; a browser that is open for days may have downloaded the update without relaunching into it.
Proactive Monitoring: Attempts to exploit memory-corruption bugs frequently crash the target before they succeed, so watch endpoint telemetry for repeated crashes of Chrome processes, particularly crashes that correlate with visits to a single site or occur shortly after a page load. Treat such clusters as possible exploitation attempts and collect the crash dumps.
Compensating Controls: Keep Chrome’s site isolation and process sandbox enabled and enforced via group policy (for example the SitePerProcess policy), and ensure no deployment launches Chrome with the sandbox disabled (the --no-sandbox flag). These controls do not stop the bug from being triggered, but they constrain what a successful exploit can reach.
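The two checks the remediation list calls for, confirming every endpoint runs a patched Chrome version and that the site-isolation policy is actually enforced, are easy to get wrong when version strings are compared as text ("99.0.4844.51" sorts after "149.0.7340.30"). The following Python is an added example, not code from this advisory or from Google; the inventory records, hostnames and version numbers in it are constructed, the patched major version is taken from this advisory, and the `chrome_version` field is assumed to hold whatever string your inventory tool returns (here, the format printed by `google-chrome --version`).

```python
import re
from typing import Dict, List, Optional, Tuple

# First Chrome major version this advisory identifies as fixed.
PATCHED_MAJOR = 149

# Matches a four-part Chrome version as printed by `google-chrome --version`
# ("Google Chrome 148.0.7299.60") or shown on chrome://version.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the Chrome version from `text` as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_patched(text: str, patched_major: int = PATCHED_MAJOR) -> bool:
    """True if the version found in `text` is at or above the patched major.

    Comparison is numeric, not lexical, so 99.x is correctly ranked below
    149.x. Unparseable input is treated as unpatched so it surfaces for review.
    """
    version = parse_version(text)
    return version is not None and version[0] >= patched_major


def site_isolation_enforced(policy: Dict[str, object]) -> bool:
    """Check a Chrome managed-policy document (e.g. a JSON file under
    /etc/opt/chrome/policies/managed/ on Linux) for SitePerProcess = true.

    The policy value must be the boolean true; the string "true" or a
    missing key both mean the policy is not enforced.
    """
    return policy.get("SitePerProcess") is True


def triage(inventory: List[Dict[str, object]]) -> List[str]:
    """Return one line per host that still needs action, with the reasons."""
    findings = []
    for host in inventory:
        reasons = []
        if not is_patched(str(host.get("chrome_version", ""))):
            reasons.append("chrome below %d" % PATCHED_MAJOR)
        if not site_isolation_enforced(host.get("policy", {})):
            reasons.append("SitePerProcess not enforced")
        if reasons:
            findings.append("%s: %s" % (host["hostname"], "; ".join(reasons)))
    return findings


# Constructed sample inventory (hostnames and version numbers are made up
# for this example; version strings mimic `google-chrome --version` output).
SAMPLE_INVENTORY = [
    {"hostname": "ws-01", "chrome_version": "Google Chrome 149.0.7340.30",
     "policy": {"SitePerProcess": True}},
    {"hostname": "ws-02", "chrome_version": "Google Chrome 148.0.7299.60",
     "policy": {"SitePerProcess": True}},
    {"hostname": "ws-03", "chrome_version": "Google Chrome 150.0.7400.12",
     "policy": {}},
    {"hostname": "ws-04", "chrome_version": "Google Chrome 99.0.4844.51",
     "policy": {"SitePerProcess": False}},
    {"hostname": "ws-05", "chrome_version": "",
     "policy": {"SitePerProcess": True}},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_INVENTORY):
        print(line)
```

Run against the sample inventory, `triage` flags ws-02 (one major version behind), ws-03 (patched but SitePerProcess absent from policy), ws-04 (both problems, and the host a naive string comparison would have passed) and ws-05 (no version reported, which should be investigated rather than ignored). Feed it the real inventory export from your endpoint management tool and the policy document each host actually loads.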
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this Use-After-Free vulnerability warrants an immediate response. Organizations should prioritize updating all Chrome installations to version 149 or later to close the remote code execution path, and should treat unmanaged or lagging installations as the first targets for inventory and remediation, since those are the endpoints most likely to remain exposed after the update has rolled out elsewhere.