CVE-2026-11305
Google · Chrome
A Use-After-Free vulnerability exists in the PDFium library within Google Chrome prior to version 149, potentially allowing for remote code execution.
Executive summary
A critical Use-After-Free memory vulnerability in Google Chrome’s PDFium component requires immediate patching to prevent remote code execution.
Vulnerability
The vulnerability is a Use-After-Free error in the PDFium library. It occurs when the browser improperly handles object memory, allowing an unauthenticated attacker to execute code by convincing a user to open a malicious PDF.
Business impact
With a CVSS score of 8.8, this vulnerability carries a high risk of system compromise. Successful exploitation could result in the total loss of confidentiality, integrity, and availability of the affected workstation.
Remediation
Immediate Action: Update all Google Chrome installations to version 149 or later to incorporate the necessary security patches.
Proactive Monitoring: Monitor for signs of browser instability or unauthorized file system access originating from the Chrome process.
Compensating Controls: Use endpoint detection and response (EDR) solutions to identify and block suspicious shellcode execution triggered by browser processes.
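As an added illustration for the remediation step above (example code, not part of the advisory), the following fleet check parses Chrome version strings as an inventory agent would report them and flags any host still below the fixed major version 149; the hostnames and build numbers are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed version stated in the advisory: Chrome 149 or later is patched.
FIXED_MAJOR = 149

# Matches a four-part Chrome version such as "148.0.7265.88" anywhere in
# a string, e.g. "Google Chrome 148.0.7265.88" (`google-chrome --version`).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract the four-part Chrome version from text; None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, build, patch = (int(p) for p in m.groups())
    return (major, minor, build, patch)


def is_patched(text: str) -> Optional[bool]:
    """True if the reported major version is >= 149, False if older,
    None if no version could be parsed (unknown is not the same as safe)."""
    ver = parse_chrome_version(text)
    if ver is None:
        return None
    return ver[0] >= FIXED_MAJOR


def triage_inventory(lines: List[str]) -> Dict[str, List[str]]:
    """Sort 'hostname<TAB>version text' lines into patched/unpatched/unknown."""
    result: Dict[str, List[str]] = {"patched": [], "unpatched": [], "unknown": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        host, _, version_text = line.partition("\t")
        state = is_patched(version_text)
        bucket = "unknown" if state is None else ("patched" if state else "unpatched")
        result[bucket].append(host)
    return result


# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE_INVENTORY = [
    "# host\tversion as reported by the endpoint agent",
    "ws-001\tGoogle Chrome 148.0.7265.88",
    "ws-002\tGoogle Chrome 149.0.7300.12",
    "ws-003\t150.0.7401.0",
    "ws-004\tnot installed",
]

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket should be checked by hand rather than assumed patched.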
Exploitation status
Public Exploit Available: false
Analyst recommendation
Security teams should treat this as a high-priority update. Given the prevalence of PDF-based attacks, ensuring that the browser engine is fully patched is a fundamental requirement for maintaining a secure computing environment.