CVE-2026-11060

Google · Chrome

A use-after-free vulnerability in the Media component of Google Chrome on Windows allows for potential remote code execution.

Executive summary

A high-severity (CVSS 8.8) use-after-free vulnerability in the Google Chrome Media component on Windows creates a risk of arbitrary code execution inside the browser process that handles attacker-supplied media.

Vulnerability

This is a use-after-free vulnerability within the browser's media processing logic: an object is freed while a reference to it is still held, and a later use of that dangling reference can corrupt the heap. A remote attacker needs no authentication but does need user interaction (the CVSS 8.8 score implies UI:R): the victim has to load a specially crafted media file or stream, typically by visiting an attacker-controlled or compromised web page. Successful exploitation yields code execution in the context of the Chrome process that processes the media, not directly on the host operating system.

Business impact

With a CVSS score of 8.8 (high), the risk of unauthorized code execution is significant. The initial foothold, however, is inside a sandboxed Chrome process; turning that into a system-wide compromise of the Windows endpoint (persistence, data theft, loss of control) requires the attacker to chain a sandbox escape or local privilege escalation, which is the usual pattern in real-world Chrome exploit chains. The exposure is still serious enough to require a rapid response.

Remediation

Immediate Action: Update Google Chrome on all Windows endpoints to version 149 or later, and relaunch the browser. Chrome downloads and stages updates in the background, but an instance that was already running keeps executing the old, vulnerable code until it is restarted.

Proactive Monitoring: Watch for chrome.exe crashes (Windows Application log, source "Application Error", Event ID 1000, in particular access violations in media-related modules) and for unexpected CPU spikes in browser processes. Repeated renderer or utility-process crashes on an endpoint that has not yet been patched should be treated as possible exploitation attempts and investigated.

Compensating Controls: Restrict the execution of unauthorized media plug-ins and keep endpoint security software scanning incoming media files, but understand that these are of limited value for this class of bug: current Chrome does not load third-party media plug-ins, and a content scanner cannot reliably recognise a file crafted to trigger a memory-safety flaw. Where patching is delayed, the realistic interim measures are to make sure Chrome's updater is not blocked by proxy or endpoint rules, to force a relaunch after the update is staged (for managed fleets, the RelaunchNotification enterprise policy), and to rely on endpoint security for detecting post-exploitation activity rather than the exploit itself.
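The following PowerShell script is an added example for this advisory, not tooling from Google or from the advisory's author. It does the two checks an endpoint administrator would want after reading the remediation items above: it reports whether each Chrome install on the machine is at or above major version 149 and whether a staged update is still waiting for a relaunch, and it pulls recent chrome.exe crash records from the Windows Application log. It assumes Chrome is installed in one of the standard per-machine or per-user paths, that an update staged while Chrome is running leaves new_chrome.exe beside chrome.exe until relaunch, and that Application Error event 1000 carries the faulting application in Properties[0], the faulting module in Properties[3] and the exception code in Properties[6]; all three are assumptions, not facts stated on this page.

```powershell
# Added example for CVE-2026-11060 triage on a Windows endpoint (not the advisory's own tooling).
# Assumptions (see lead-in): fixed major version 149; standard Chrome install paths;
# new_chrome.exe marks a staged update; event 1000 property layout 0/3/6.

$MinimumFixedMajor = 149

function Get-ChromeInstallStatus {
    # Per-machine (64-bit and 32-bit) and per-user install roots; drop any that are unset.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA) |
        Where-Object { $_ }
    $appDirs = $roots |
        ForEach-Object { Join-Path $_ 'Google\Chrome\Application' } |
        Where-Object { Test-Path (Join-Path $_ 'chrome.exe') }

    foreach ($dir in $appDirs) {
        $exe = Join-Path $dir 'chrome.exe'
        # The launcher on disk loads the build matching its own version, so this is
        # the build that actually executes when Chrome is started right now.
        $exeVersion = [version](Get-Item $exe).VersionInfo.ProductVersion

        # Highest versioned subdirectory: the newest build the updater has put on disk,
        # which can be ahead of chrome.exe while a relaunch is still pending.
        $newest = Get-ChildItem -Path $dir -Directory |
            Where-Object { $_.Name -match '^\d+\.\d+\.\d+\.\d+$' } |
            ForEach-Object { [version]$_.Name } |
            Sort-Object -Descending | Select-Object -First 1
        if (-not $newest) { $newest = $exeVersion }

        [pscustomobject]@{
            Path            = $exe
            LauncherBuild   = $exeVersion.ToString()
            StagedBuild     = $newest.ToString()
            RelaunchPending = (Test-Path (Join-Path $dir 'new_chrome.exe')) -or ($newest -gt $exeVersion)
            Vulnerable      = ($exeVersion.Major -lt $MinimumFixedMajor)
        }
    }
}

function Get-ChromeCrashEvents {
    param([int]$Days = 7)
    # Windows records each user-mode crash as an "Application Error" event, ID 1000.
    # Reading the Application log does not require administrative rights.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'chrome\.exe' } |
        ForEach-Object {
            [pscustomobject]@{
                Time           = $_.TimeCreated
                FaultingApp    = $_.Properties[0].Value   # assumed index, see lead-in
                FaultingModule = $_.Properties[3].Value   # e.g. chrome.dll or a media DLL
                ExceptionCode  = $_.Properties[6].Value   # 0xc0000005 = access violation
            }
        }
}

# Report: one row per Chrome install, then any crashes in the last 7 days.
$status = @(Get-ChromeInstallStatus)
if ($status.Count -eq 0) {
    Write-Warning 'No Chrome install found in the standard locations.'
} else {
    $status | Format-Table -AutoSize
    if ($status.Vulnerable -contains $true) {
        Write-Warning "At least one Chrome install is below $MinimumFixedMajor; update and relaunch."
    } elseif ($status.RelaunchPending -contains $true) {
        Write-Warning 'A newer build is staged but Chrome has not been relaunched.'
    }
}
Get-ChromeCrashEvents -Days 7 | Format-Table -AutoSize
```

Run it as the logged-on user so that per-user installs under %LOCALAPPDATA% are visible; a fleet-wide version is the same logic wrapped in Invoke-Command. A machine that reports Vulnerable = True together with recent access violations in chrome.dll or a media decoder module is the one to pull for forensic review first.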

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations must treat this vulnerability with high priority. Updating to a fixed Chrome release (149 or later) and relaunching the browser is the only effective mitigation: no configuration change removes the memory-corruption bug from the affected media code path on Windows systems.