CVE-2026-10975
Google · Chrome
A use-after-free vulnerability in the WebRTC component of Google Chrome allows for potential memory corruption and remote code execution.
Executive summary
A high-severity use-after-free vulnerability in the WebRTC component of Google Chrome creates a significant risk for remote code execution.
Vulnerability
This is a use-after-free vulnerability within the WebRTC (Web Real-Time Communication) implementation in Google Chrome. The flaw allows an unauthenticated, remote attacker to execute arbitrary code by tricking a user into visiting a malicious site.
Business impact
With a CVSS score of 8.8, this vulnerability poses a severe threat, and because WebRTC is a common feature in modern web applications the exposed attack surface is broad. Successful exploitation could lead to full browser compromise, resulting in data exfiltration or the installation of malicious software on the host system.
Remediation
Immediate Action: Update Google Chrome to version 149.0.7827.53 or later across all enterprise workstations and mobile devices.
Proactive Monitoring: Monitor for anomalous WebRTC connection attempts and for unexpected browser crashes, either of which may indicate exploitation attempts.
Compensating Controls: Deploy endpoint protection platforms (EPP) and network-based filtering to block access to known malicious domains.
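As an added example (not part of the advisory and not Google's tooling), the following Python snippet shows how an administrator could check an inventory of installed Chrome versions against the fixed release named above. The inventory dictionary is constructed sample data; the fixed version string is the one stated in the remediation section. The comparison is numeric per component rather than a string compare, so that a build such as 149.0.7827.6 is correctly reported as older than 149.0.7827.53.

```python
from typing import Dict, List, Optional, Tuple

# Fixed release stated in the advisory's remediation section.
FIXED_VERSION = "149.0.7827.53"


def parse_version(version: str) -> Optional[Tuple[int, ...]]:
    """Parse a dotted Chrome version into a tuple of ints.

    Returns None when the string is not a dotted sequence of integers.
    Shorter strings are padded with zeros to four components so that
    "149.0.7827" compares as 149.0.7827.0.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums)) if len(nums) < 4 else nums


def classify(version: str, fixed: str = FIXED_VERSION) -> str:
    """Return "patched", "vulnerable" or "unknown" for one installed version."""
    installed = parse_version(version)
    fixed_tuple = parse_version(fixed)
    if installed is None or fixed_tuple is None:
        return "unknown"
    # Tuple comparison is component-wise numeric, not lexicographic.
    return "patched" if installed >= fixed_tuple else "vulnerable"


def audit(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hostnames by patch status; hosts needing action come first."""
    report: Dict[str, List[str]] = {"vulnerable": [], "unknown": [], "patched": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hostname -> reported Chrome version).
SAMPLE_INVENTORY = {
    "ws-001": "148.0.7790.102",   # older major/build: needs update
    "ws-002": "149.0.7827.53",    # exactly the fixed release
    "ws-003": "149.0.7827.6",     # same build, lower patch number
    "ws-004": "150.0.7900.10",    # newer than the fix
    "ws-005": "not installed",    # cannot be parsed: flag for manual review
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be reviewed manually rather than assumed safe, since a missing or malformed version string most often means the inventory agent could not read the browser at all.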
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the ubiquity of WebRTC in web applications, this vulnerability is particularly dangerous. It is imperative that all instances of Google Chrome are updated to the current stable release immediately to mitigate the risk of remote code execution.