CVE-2026-11230
Google · Chrome
A Use-After-Free vulnerability in the Extensions component of Google Chrome may allow an unauthenticated attacker to achieve unauthorized code execution.
Executive summary
Google Chrome contains a high-severity Use-After-Free vulnerability in the Extensions component that poses a serious risk of arbitrary code execution.
Vulnerability
The vulnerability is a Use-After-Free (UAF) memory corruption issue within the Extensions framework. An unauthenticated attacker can trigger this condition through a malicious webpage, potentially leading to unintended code execution.
Business impact
With a CVSS score of 8.8, this flaw is highly dangerous. Exploiting the Extensions component can allow an attacker to gain excessive privileges within the browser, potentially compromising any data accessible to installed extensions or the browser itself.
Remediation
Immediate Action: Update Google Chrome to version 149 or higher to ensure the Extensions framework is secured.
Proactive Monitoring: Review installed browser extensions for unnecessary permissions and monitor for signs of unauthorized extension activity or unexpected browser behavior.
Compensating Controls: Restrict the installation of unauthorized browser extensions through enterprise management policies to reduce the attack surface.
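As an added example, not code from this advisory or from Google, the following Python script supports the version check and the extension permission review described above: it compares a Chrome version string against the fixed major release (149) and flags extension manifests that request broad host access or sensitive permissions. The on-disk layout it walks (`<profile>/Extensions/<id>/<version>/manifest.json`), the choice of which permissions count as sensitive, and the sample manifests are assumptions made for this example.

```python
# Added example, not code from the advisory: flag Chrome extension manifests that
# hold broad or sensitive permissions, and check a Chrome version string against
# the fixed major release (149). "permissions" and "host_permissions" are
# standard Chrome extension manifest keys; everything else here is assumed.
import json
import os

FIXED_MAJOR = 149  # first fixed Chrome major version per the advisory

BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
SENSITIVE_PERMISSIONS = {"debugger", "nativeMessaging", "webRequest", "proxy",
                         "management", "cookies", "history"}  # reviewer's choice

def chrome_is_patched(version: str) -> bool:
    """True when a version string such as "149.0.1234.56" is >= the fixed major."""
    try:
        return int(version.split(".")[0]) >= FIXED_MAJOR
    except ValueError:
        return False  # unparsable version: do not assume it is patched

def audit_extension(manifest: dict) -> list:
    """Return findings for one manifest (Manifest V2 or V3)."""
    findings = []
    perms = set(manifest.get("permissions", []))
    # MV2 lists host match patterns in "permissions"; MV3 uses "host_permissions".
    hosts = set(manifest.get("host_permissions", [])) | {
        p for p in perms if "://" in p or p == "<all_urls>"}
    if hosts & BROAD_HOST_PATTERNS:
        findings.append("broad host access: " + ", ".join(sorted(hosts)))
    for p in sorted(perms & SENSITIVE_PERMISSIONS):
        findings.append("sensitive permission: " + p)
    return findings

def audit_profile(extensions_dir: str) -> dict:
    """Audit every <profile>/Extensions/<id>/<version>/manifest.json under a dir."""
    report = {}
    for root, _dirs, files in os.walk(extensions_dir):
        if "manifest.json" in files:
            with open(os.path.join(root, "manifest.json"), encoding="utf-8") as f:
                ext_id = os.path.basename(os.path.dirname(root))  # <id> directory
                report[ext_id] = audit_extension(json.load(f))
    return report

# Constructed sample manifests (hypothetical extensions, not real ones).
SAMPLE_MANIFESTS = {
    "constructed-notes-ext": {"manifest_version": 3, "permissions": ["storage"],
                              "host_permissions": ["https://notes.example/*"]},
    "constructed-grabber-ext": {"manifest_version": 2,
                                "permissions": ["<all_urls>", "cookies", "webRequest"]},
}
```

Point `audit_profile` at a real Chrome profile's `Extensions` directory to get a per-extension findings map; an empty list means nothing broad or sensitive was requested.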
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability highlights the need for continuous browser maintenance. Organizations should ensure they are on version 149 or later and audit existing extensions to minimize the potential impact of browser-based security flaws.