CVE-2026-11068
Google · Chrome
A Use-After-Free vulnerability in the WebSockets component of Google Chrome allows for potential memory corruption and arbitrary code execution.
Executive summary
A critical Use-After-Free vulnerability in Google Chrome's WebSockets implementation poses a significant risk of remote code execution for end-users.
Vulnerability
This is a Use-After-Free (UAF) vulnerability occurring within the WebSockets component. The flaw can be triggered by an unauthenticated remote attacker via a specially crafted webpage, leading to potential memory corruption.
Business impact
Successful exploitation allows an attacker to execute arbitrary code within the context of the browser process. Given the CVSS score of 8.8, this vulnerability carries a high risk of system compromise, potentially leading to unauthorized data access and the loss of browser-stored credentials or session tokens.
Remediation
Immediate Action: Update all instances of Google Chrome to version 149 or later without delay.
Proactive Monitoring: Monitor endpoint logs for abnormal browser process termination or unexpected crash reports.
Compensating Controls: Ensure that browser-based security policies are enforced and consider disabling unnecessary WebSocket features via enterprise management policies if updates are delayed.
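To support the "Immediate Action" item, the following is an added example (not part of this advisory) of a fleet compliance check that classifies reported Chrome version strings against the fixed major version, 149. It assumes the four-part `chrome --version` output format and uses a constructed sample inventory.

```python
import re
from typing import Optional

# Minimum major version carrying the fix for CVE-2026-11068 (from the advisory).
FIXED_MAJOR = 149

# Chrome reports four dot-separated integers, e.g. "149.0.7000.12" (assumed format).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text: str) -> Optional[tuple]:
    """Extract the version tuple from `chrome --version` output or an
    inventory field; None if no four-part version is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text: str) -> Optional[bool]:
    """True at or above the fixed major, False below it, None if unparseable
    (an unknown version is reported separately, never assumed safe)."""
    version = parse_chrome_version(text)
    return None if version is None else version[0] >= FIXED_MAJOR


def fleet_report(inventory: dict) -> dict:
    """Group host names by patch status for a {host: version string} inventory."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, text in inventory.items():
        status = is_patched(text)
        bucket = "unknown" if status is None else ("patched" if status else "vulnerable")
        report[bucket].append(host)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative only.
    sample = {
        "ws-01": "Google Chrome 149.0.7000.12",
        "ws-02": "Google Chrome 148.0.6900.45",
        "ws-03": "Google Chrome 150.0.7100.3",
        "ws-04": "not installed",
    }
    for status, hosts in fleet_report(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket need a manual inventory check rather than being treated as patched.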
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this Use-After-Free flaw necessitates an immediate patching cycle across all enterprise workstations. Security teams should prioritize updating Google Chrome to version 149 to mitigate the risk of remote exploitation.