CVE-2026-11147

Google · Chrome

A Use-After-Free vulnerability in the WebML component of Google Chrome for Windows may allow an unauthenticated remote attacker, via a crafted web page, to achieve arbitrary code execution.

Executive summary

A high-severity Use-After-Free vulnerability in the WebML component of Google Chrome on Windows poses a risk of remote code execution from a crafted web page. It carries a CVSS score of 8.8 and is fixed in Chrome 149.

Vulnerability

This vulnerability is a Use-After-Free (UAF) memory-safety bug in the WebML (Web Machine Learning) implementation: the affected code continues to use a heap object after it has been freed, so attacker-controlled content can occupy the freed memory. It can be triggered by an unauthenticated attacker via a crafted web page that the victim merely visits, leading at minimum to a crash of the affected Chrome process and potentially to arbitrary code execution.

Business impact

With a CVSS score of 8.8, this flaw poses a significant threat to Windows-based environments. Successful exploitation allows execution of code with the privileges of the compromised Chrome process. Chrome's process sandbox limits what a compromised renderer can reach directly, so full access to the host generally requires chaining a sandbox escape; even so, a foothold inside the browser already exposes session data, credentials and anything the logged-in user can reach, and could result in severe data theft or unauthorized access to sensitive system resources.

Remediation

Immediate Action: Update the Windows installation of Google Chrome to version 149 or later immediately. Note that Chrome downloads updates in the background but applies them only when the browser is relaunched, so verify the running version (chrome://version, or the file version of chrome.exe) after a restart rather than assuming auto-update has completed.
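The following PowerShell script is an added example for verifying the remediation, not part of the original advisory. It locates the standard per-machine and per-user Chrome installs, reads the product version from chrome.exe, and flags any install whose major version is below 149 (the fixed version named above). The install paths and the pending-update check on new_chrome.exe are assumptions based on how Chrome's installer stages updates, not something the advisory states.

```powershell
# Added example (not from the advisory): check that Chrome on Windows is at or above
# the fixed major version. Assumption: the fix ships in Chrome 149 (per the advisory);
# the paths below are the usual per-machine and per-user install locations.
$RequiredMajor = 149

$candidates = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
)

function Get-ChromeInstall {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) {
            # ProductVersion looks like "149.0.xxxx.yy"; [version] lets us compare numerically
            $v = (Get-Item -LiteralPath $p).VersionInfo.ProductVersion
            # Assumption: a staged, not-yet-applied update sits beside chrome.exe as new_chrome.exe
            $pending = Test-Path -LiteralPath (Join-Path (Split-Path $p) 'new_chrome.exe')
            [pscustomobject]@{ Path = $p; Version = [version]$v; UpdatePending = $pending }
        }
    }
}

$installs = @(Get-ChromeInstall -Paths $candidates)
if ($installs.Count -eq 0) {
    Write-Warning 'Chrome not found in the standard install locations'
    exit 2
}

$vulnerable = $false
foreach ($i in $installs) {
    if ($i.Version.Major -lt $RequiredMajor) {
        $vulnerable = $true
        $note = if ($i.UpdatePending) { ' (update staged; relaunch Chrome to apply)' } else { '' }
        Write-Warning ('VULNERABLE: {0} is {1}, below {2}{3}' -f $i.Path, $i.Version, $RequiredMajor, $note)
    } else {
        Write-Output ('OK: {0} is {1}' -f $i.Path, $i.Version)
    }
}

# Non-zero exit code lets a deployment tool (Intune, SCCM, a GPO startup script) act on the result
if ($vulnerable) { exit 1 } else { exit 0 }
```

The file version of chrome.exe reflects the build that actually runs, which is why this check, rather than the updater's registry entries, is the right source of truth for "is the vulnerable code still on this machine".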

Proactive Monitoring: Watch for unusual child processes spawned by chrome.exe (command interpreters, scripting hosts and other living-off-the-land binaries), and monitor for unexpected Chrome crashes, which can indicate failed exploitation attempts against a memory-corruption bug of this kind.
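As an added example of the monitoring described above (not part of the original advisory), the PowerShell hunt below reads Sysmon process-creation events (Event ID 1) and lists every non-Chrome child process launched by chrome.exe in the last 24 hours, marking those that appear on a watchlist of commonly abused Windows binaries. It assumes Sysmon is installed and logging to the Microsoft-Windows-Sysmon/Operational channel; the watchlist and the lookback window are illustrative choices, not indicators specific to this CVE.

```powershell
# Added example (not from the advisory): hunt for suspicious child processes of chrome.exe
# using Sysmon Event ID 1. Assumption: Sysmon is installed and writing to the
# Microsoft-Windows-Sysmon/Operational log. Run from an elevated PowerShell session.
$Lookback = (Get-Date).AddHours(-24)

# Watchlist of binaries a browser has no business launching; a constructed starting point to tune
$SuspiciousChildren = @(
    'cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe',
    'rundll32.exe', 'regsvr32.exe', 'certutil.exe', 'bitsadmin.exe', 'msiexec.exe', 'schtasks.exe'
)

function Get-SysmonField {
    # Pull a named value out of the event's EventData; dot-navigation ignores the XML namespace
    param([xml]$Xml, [string]$Name)
    ($Xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1
    StartTime = $Lookback
} -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    $x      = [xml]$e.ToXml()
    $parent = Get-SysmonField $x 'ParentImage'
    $image  = Get-SysmonField $x 'Image'
    if (-not $parent -or -not $image) { continue }

    if ((Split-Path $parent -Leaf) -ieq 'chrome.exe') {
        $child = Split-Path $image -Leaf
        # Chrome legitimately spawns chrome.exe renderer, GPU and utility processes; drop those.
        # Expect some benign noise from Chrome's own updater and helpers; allowlist as you tune.
        if ($child -ine 'chrome.exe') {
            [pscustomobject]@{
                Time        = $e.TimeCreated
                Child       = $image
                CommandLine = Get-SysmonField $x 'CommandLine'
                User        = Get-SysmonField $x 'User'
                OnWatchlist = ($SuspiciousChildren -contains $child)
            }
        }
    }
}

$hits | Sort-Object OnWatchlist, Time -Descending | Format-Table -AutoSize
```

A renderer compromise that escapes the sandbox typically has to spawn something to persist or move laterally, which is why the parent-child relationship from chrome.exe is a higher-signal pivot than process names alone; feed the same logic into your SIEM as a scheduled rule rather than running it by hand.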

Compensating Controls: Restrict browser capabilities through Chrome's Group Policy (ADMX) templates where possible, and ensure that Microsoft Defender or third-party AV is configured to scan downloads and browser-originated content. These controls reduce exposure but do not fix the bug; only the update does.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability specifically impacts Windows users. Organizations should prioritize updating all Chrome instances on Windows platforms to version 149 or later, confirming that the browser has been relaunched so the new build is actually running, to close this risk; UAF flaws in browsers are common targets for exploit development even when no public exploit exists at the time of disclosure.