CVE-2026-11262
Google · Chrome
A Use-After-Free vulnerability exists in the TabStrip component of Google Chrome prior to version 149, potentially allowing arbitrary code execution.
Executive summary
A critical Use-After-Free vulnerability in Google Chrome's TabStrip could allow an unauthenticated remote attacker to execute arbitrary code or cause a system crash.
Vulnerability
This is a Use-After-Free memory corruption vulnerability located within the TabStrip component. The flaw can be triggered by an unauthenticated attacker via a crafted web page, leading to potential heap manipulation.
Business impact
Successful exploitation of this vulnerability poses a significant risk to organizational endpoints. With a CVSS score of 8.8, this high-severity flaw could facilitate unauthorized remote code execution, leading to full system compromise, data exfiltration, or the deployment of malicious payloads within the corporate network.
Remediation
Immediate Action: Update all instances of Google Chrome to version 149 or later.
Proactive Monitoring: Monitor endpoint logs for unusual browser crashes or unexpected process behavior indicative of memory corruption attempts.
Compensating Controls: Ensure that browser-based security policies are enforced and consider using endpoint protection software to detect and block malicious web-based execution chains.
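The following is an added example, not part of the original advisory: a fleet audit that flags Chrome installs below the fixed version 149 named above. The hostnames and version strings are constructed, the strings are assumed to follow the `Google Chrome <major>.<minor>.<build>.<patch>` form printed by `google-chrome --version`, and any build with major version 149 or higher is assumed to carry the fix.

```python
import re

FIXED_MAJOR = 149  # first fixed major version, taken from the advisory text

# Four-part dotted version anywhere in the string, e.g. "Google Chrome 148.0.7400.99"
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    match = VERSION_RE.search(version_text or "")
    if not match:
        # An unparseable or missing value is never treated as patched.
        return "unknown"
    # Compare numerically: as strings, "99" would sort above "149".
    major = int(match.group(1))
    return "patched" if major >= FIXED_MAJOR else "vulnerable"


def audit(inventory):
    """Group hostnames by status; inventory is an iterable of (host, version_text)."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory (hostnames and build numbers are illustrative only)
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 149.0.7500.10"),
    ("ws-002", "Google Chrome 148.0.7400.99 "),
    ("ws-003", "148.0.7400.99"),
    ("ws-004", ""),
    ("ws-005", "Google Chrome 150.0.7600.1 beta"),
    ("ws-006", "Google Chrome 99.0.4844.51"),
]

if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY)
    for status in ("vulnerable", "unknown", "patched"):
        print(f"{status}: {', '.join(result[status]) or '-'}")
```

Hosts reported as unknown should be re-inventoried rather than assumed safe.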
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score and the nature of browser-based memory vulnerabilities, organizations must prioritize patching. Administrators should deploy the latest Google Chrome updates across all managed devices as soon as they become available to mitigate the risk of remote exploitation.