CVE-2026-11136

Google · Chrome

A Use-After-Free vulnerability in the Canvas component of Google Chrome could lead to arbitrary code execution if exploited by an attacker.

Executive summary

Google Chrome contains a high-severity Use-After-Free vulnerability in the Canvas component that may allow attackers to execute arbitrary code on the host system.

Vulnerability

The vulnerability is a Use-After-Free (UAF) flaw within the Canvas rendering component. An unauthenticated attacker can exploit it by directing a user to a malicious site; content on that site triggers the use-after-free, and the resulting memory corruption can be leveraged for code execution in the browser.

Business impact

The CVSS score of 8.8 underscores the severity of this flaw. Compromise of a browser instance provides an attacker with a foothold in the user's environment, risking the confidentiality and integrity of local data and potentially facilitating lateral movement within the network.

Remediation

Immediate Action: Apply the latest security updates provided by Google, moving Chrome to version 149 or later.

Proactive Monitoring: Monitor network traffic for connections to known malicious domains and utilize EDR tools to flag anomalous browser behavior.

Compensating Controls: Implement browser isolation technologies or web filtering to restrict access to untrusted or potentially malicious web content.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams must treat this vulnerability with high urgency. Patching is the only effective mitigation for this memory corruption flaw, and deployment should be accelerated to protect users from potential browser-based attacks.