CVE-2026-11071

Google · Chrome

A use-after-free vulnerability in the Base component of Google Chrome on Linux allows attackers to disclose sensitive process memory information.

Executive summary

A high-severity use-after-free vulnerability in the Base component of Linux-based Google Chrome could allow an attacker to exfiltrate sensitive memory data from the renderer process.

Vulnerability

This use-after-free vulnerability occurs within the Base component. It requires the prior compromise of the renderer process and enables an attacker to leak sensitive information from process memory via a crafted HTML page.

Business impact

The CVSS score of 8.8 highlights the high risk associated with this vulnerability. Information disclosure of this nature could lead to the exposure of authentication tokens, session data, or other sensitive corporate information, potentially facilitating further attacks or unauthorized access to internal systems.

Remediation

Immediate Action: Update Google Chrome on Linux platforms to version 149.0.7827.53.

Proactive Monitoring: Perform regular audits of application logs and monitor for unusual memory access patterns that could indicate an exploitation attempt.

Compensating Controls: Ensure that browser sandboxing is strictly enforced and that users are instructed to avoid navigating to untrusted or suspicious websites.
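To verify the Immediate Action across Linux endpoints, the following added example (not part of the original advisory) classifies a `--version` line against the fixed build. It assumes any build at or above 149.0.7827.53 carries the fix; the sample lines are constructed, and the binary names `google-chrome` and `google-chrome-stable` are the usual Linux package names rather than something the advisory specifies.

```shell
#!/bin/sh
# Added example, not from the advisory: audit a Chrome build against the fix.
FIXED_VERSION="149.0.7827.53"   # fixed build named in the Remediation section

# Pull the four-part version out of a `--version` line (empty if none found).
extract_version() {
    printf '%s\n' "$1" |
        sed -nE 's/^[^0-9]*([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*$/\1/p'
}

# Return 0 when version $1 >= version $2, comparing each field numerically
# (a plain string compare would wrongly rank 149.0.7827.9 above 149.0.7827.53).
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # split both versions into eight positional fields
    IFS=$old_ifs
    [ $# -eq 8 ] || return 2
    a1=$1 a2=$2 a3=$3 a4=$4
    shift 4
    for x in "$a1" "$a2" "$a3" "$a4"; do
        [ "$x" -gt "$1" ] && return 0
        [ "$x" -lt "$1" ] && return 1
        shift
    done
    return 0
}

# Print PATCHED, VULNERABLE or UNKNOWN for one `--version` line.
# Assumption: any build at or above FIXED_VERSION carries the fix.
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "UNKNOWN"; return 0; fi
    if version_ge "$v" "$FIXED_VERSION"; then echo "PATCHED"; else echo "VULNERABLE"; fi
}

# Constructed sample lines (not real fleet data).
for line in "Google Chrome 149.0.7827.53" "Google Chrome 149.0.7827.9" \
            "Google Chrome 148.0.7900.100 beta" "no version here"; do
    printf '%-36s %s\n' "$line" "$(classify "$line")"
done

# Check the locally installed binary, if any.
for bin in google-chrome google-chrome-stable; do
    if command -v "$bin" >/dev/null 2>&1; then
        printf '%-36s %s\n' "$bin" "$(classify "$("$bin" --version 2>/dev/null)")"
    fi
done
```

An UNKNOWN result means no four-part version could be parsed and the endpoint should be checked by hand rather than counted as patched.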

Exploitation status

Public Exploit Available: false

Analyst recommendation

While this vulnerability requires a prior renderer process compromise, the resulting information disclosure is a severe concern for privacy and security. Administrators must ensure all Linux-based Chrome endpoints are updated to the latest version to close this security gap.