CVE-2026-11079
Google · Chrome
Insufficient validation of untrusted input in Google Chrome Codecs allows a remote attacker to perform an out-of-bounds memory write via a crafted video file.
Executive summary
A high-severity memory corruption vulnerability in Google Chrome allows remote attackers to perform out-of-bounds memory writes using malicious video files.
Vulnerability
This vulnerability involves insufficient validation of untrusted input within the browser's codec processing engine. An unauthenticated remote attacker can exploit this by enticing a user to view a specially crafted video file, resulting in an out-of-bounds memory write.
Business impact
The vulnerability carries a CVSS score of 8.8, indicating a high risk of remote code execution or system instability. Successful exploitation could lead to unauthorized memory access, potential system crashes, or the execution of arbitrary code within the context of the browser, potentially compromising user data and local workstation integrity.
Remediation
Immediate Action: Update Google Chrome to version 149.0.7827.53/54 for Windows and macOS, or 149.0.7827.53 for Linux.
Proactive Monitoring: Monitor network traffic for anomalous media file downloads and review workstation logs for unusual browser process crashes.
Compensating Controls: Utilize endpoint security solutions capable of detecting malicious file execution and ensure browser-level protections and sandboxing are fully enabled.
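To verify the update across a fleet, the following added example (not part of the original advisory) classifies installed Chrome builds against the fixed versions listed above. The inventory format, hostnames and function names are assumptions made for illustration.

```python
import re

# Lowest fixed build per platform, from the Remediation text above.
FIXED = {
    "windows": (149, 0, 7827, 53),
    "macos": (149, 0, 7827, 53),
    "linux": (149, 0, 7827, 53),
}


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome build number."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    floor = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # unrecognised platform or version: review by hand
    # Tuples compare numerically per component, so 7827.9 sorts below 7827.53.
    return "patched" if version >= floor else "vulnerable"


def audit(inventory):
    """Map each host in 'host,platform,version' lines to its status."""
    results = {}
    for line in inventory.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        ok = len(fields) == 3  # malformed rows are reported, never dropped
        results[fields[0]] = classify(fields[1], fields[2]) if ok else "unknown"
    return results


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE = """
ws-001,windows,149.0.7827.54
ws-002,windows,148.0.7778.96
mac-003,macos,149.0.7827.53
lnx-004,linux,149.0.7827.9
lnx-005,linux,150.0.7900.1
ws-006,windows,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown should be checked manually rather than assumed patched.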
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the high severity and the potential for remote code execution, organizations should prioritize the deployment of the latest Chrome browser update. Users and administrators must ensure all instances of the browser are patched to the identified stable channel release to mitigate the risk of memory-based attacks.