CVE-2026-10902

Google · Chrome

A Use-After-Free (UAF) vulnerability exists in the Ozone component of Google Chrome, potentially allowing remote attackers to trigger memory corruption.

Executive summary

A high-severity Use-After-Free vulnerability in Google Chrome's Ozone component could let unauthenticated remote attackers achieve arbitrary code execution.

Vulnerability

This is a Use-After-Free vulnerability in the Ozone component, which manages graphics and windowing system abstraction. The flaw can be triggered by an unauthenticated remote attacker through a crafted webpage, leading to unpredictable application behavior or memory corruption.

Business impact

With a CVSS score of 8.8, this vulnerability represents a significant threat to organizational security. Successful exploitation could allow an attacker to execute arbitrary code within the context of the browser, potentially leading to unauthorized system access, data theft, or the installation of malicious software on the host machine.

Remediation

Immediate Action: Update all instances of Google Chrome to version 149.0.7827.53/54 or later.

Proactive Monitoring: Monitor browser crash logs and endpoint security telemetry for anomalous process behavior or unexpected memory access patterns.

Compensating Controls: Use endpoint protection platforms (EPP) with exploit prevention features, and configure browser security settings to restrict high-risk script execution where possible.
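The update step above is only verifiable if installed versions are compared numerically rather than as strings. The following is an added example, not code from the advisory or from Google, that parses the output of a command such as `google-chrome --version` and flags hosts below the fixed build. The advisory lists two fixed builds (.53 and .54) without stating which platform each applies to, so the check assumes the higher one as a conservative default; callers can pass a platform-specific minimum. The inventory data is constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed builds named in the advisory. The page does not say which platform
# receives .53 and which .54, so the default threshold is the higher build
# (assumption: treat anything below .54 as unpatched).
FIXED_BUILDS = ("149.0.7827.53", "149.0.7827.54")
MINIMUM_SAFE = "149.0.7827.54"

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version` ("Google Chrome 149.0.7827.53").

    Returns None when no well-formed version is present, so that a missing
    or garbled value is never mistaken for a patched build."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def is_patched(version_text: str, minimum: str = MINIMUM_SAFE) -> bool:
    """True only when the installed version is at least `minimum`.

    Comparison is numeric per component: 149.0.7827.9 must not sort above
    149.0.7827.53, which is what a plain string comparison would do."""
    installed = parse_version(version_text)
    required = parse_version(minimum)
    if installed is None or required is None:
        return False
    return installed >= required


def triage(hosts: Dict[str, str], minimum: str = MINIMUM_SAFE) -> List[str]:
    """Given {hostname: version_string} inventory data, return the sorted list
    of hosts that still need the Chrome update (unparseable entries included,
    since an unknown version cannot be assumed safe)."""
    return sorted(h for h, v in hosts.items() if not is_patched(v, minimum))


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    inventory = {
        "ws-01": "Google Chrome 149.0.7827.54",
        "ws-02": "Google Chrome 149.0.7827.53",
        "ws-03": "Google Chrome 148.0.7801.120",
        "ws-04": "Google Chrome 149.0.7827.9",
        "ws-05": "not installed",
    }
    for host in triage(inventory):
        print(f"{host}: needs update to {MINIMUM_SAFE} or later")
```

A host reporting .53 is flagged under the conservative default; on a platform where the advisory's .53 build is the fixed one, pass `minimum="149.0.7827.53"` to `triage` instead.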

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the severity of Use-After-Free vulnerabilities in browser environments, administrators must prioritize the deployment of the Chrome 149 update. Failure to patch allows a window of opportunity for attackers to leverage this memory corruption flaw for unauthorized system interaction.