A critical implementation flaw in Google Chrome's Isolated Web Apps allows attackers to execute arbitrary code within a sandboxed context, threatening browser security.

This vulnerability stems from an insecure implementation within the Isolated Web Apps framework. An unauthenticated attacker can exploit this by using a malicious file to trigger code execution inside a sandboxed environment, inheriting the permissions associated with that sandbox.

The CVSS score of 8.8 underscores the severity of this sandbox escape or bypass vulnerability. By executing code within the sandbox, an attacker can potentially access or modify data, files, or services that the application is authorized to interact with, leading to unauthorized data exposure and further system compromise.

Immediate Action: Update Google Chrome to version 149.0.7827.53/54 for Windows and macOS, or 149.0.7827.53 for Linux, immediately.

Proactive Monitoring: Monitor for anomalous behavior in web applications and review logs for unauthorized file access attempts or unexpected application execution.

Compensating Controls: Limit the use of Isolated Web Apps to trusted sources and ensure that the browser is kept up-to-date with the latest vendor security patches.

Public Exploit Available: False

Given the potential for code execution within the browser's sandbox, immediate patching is required. Organizations should prioritize updating all Chrome instances to prevent attackers from leveraging the Isolated Web Apps framework to bypass security controls.