CVE-2026-11091
Google · Chrome
An inappropriate implementation in the Dawn component of Google Chrome allows a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page.
Executive summary
A high-severity implementation flaw in Google Chrome’s Dawn component enables remote attackers to perform out-of-bounds memory access using malicious web content.
Vulnerability
This vulnerability is caused by an inappropriate implementation within the Dawn (WebGPU) component. An unauthenticated remote attacker can trigger this flaw by enticing a user to visit a malicious HTML page, leading to out-of-bounds memory access.
Business impact
The CVSS score of 8.8 reflects the high risk associated with memory-related vulnerabilities in browser components. Successful exploitation could allow an attacker to compromise the browser's security boundaries, potentially leading to unauthorized access to sensitive user information or execution of malicious code.
Remediation
Immediate Action: Update Google Chrome to version 149.0.7827.53/54 on Windows and macOS, or 149.0.7827.53 on Linux.
Proactive Monitoring: Review application logs for unusual browser activity and monitor for reports of unexpected browser crashes that may indicate exploitation attempts.
Compensating Controls: Use browser-based security policies to disable or restrict advanced web features if they are not required for business operations.
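One way to check a fleet against the fixed builds listed under Remediation, as an added example that is not part of the original advisory. The inventory, hostnames and function names are constructed for illustration, and treating 149.0.7827.53 as the minimum fixed build on all three platforms is an assumption drawn from the "53/54" wording above.

```python
"""Flag Chrome installs older than the fixed build for CVE-2026-11091."""

# Fixed builds as stated in the advisory; the lower of "53/54" is used as the floor (assumption).
FIXED = {
    "windows": "149.0.7827.53",
    "macos": "149.0.7827.53",
    "linux": "149.0.7827.53",
}

def parse_version(text):
    """Return a 4-int tuple for 'MAJOR.MINOR.BUILD.PATCH', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def assess(platform, version):
    """Classify one install as 'patched', 'vulnerable' or 'unknown'."""
    floor = FIXED.get(platform.lower())
    seen = parse_version(version)
    if floor is None or seen is None:
        return "unknown"  # platform not covered by the advisory, or unparseable version
    # Compare numerically: as strings, "...7827.100" would sort below "...7827.53".
    return "patched" if seen >= parse_version(floor) else "vulnerable"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ws-001", "windows", "149.0.7827.54"),
    ("ws-002", "windows", "149.0.7827.52"),
    ("mac-07", "macos", "148.0.7778.97"),
    ("lnx-03", "linux", "149.0.7827.53"),
    ("lnx-04", "linux", "149.0.7827.100"),
    ("kiosk-1", "chromeos", "149.0.7827.53"),
    ("ws-009", "windows", "149.0.7827"),
]

def report(inventory):
    """Group hostnames by patch status."""
    out = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version in inventory:
        out[assess(platform, version)].append(host)
    return out

if __name__ == "__main__":
    for status, hosts in report(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need manual review rather than being counted as patched.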
Exploitation status
Public Exploit Available: False
Analyst recommendation
Organizations should treat this as a high-priority update. Promptly patching the browser ensures that the underlying Dawn implementation is corrected, effectively neutralizing the risk of memory access exploitation from compromised or malicious web pages.