CVE-2026-11634
Google · Chrome
A use-after-free vulnerability in the Google Chrome Gamepad component allows a remote attacker to achieve sandbox escape via a crafted HTML page.
Executive summary
A critical use-after-free vulnerability in Google Chrome on Windows enables remote code execution and sandbox escape, necessitating an immediate browser update.
Vulnerability
This vulnerability is a use-after-free flaw located in the Gamepad component. It can be triggered by an unauthenticated attacker via a specially crafted HTML page, leading to a potential sandbox escape.
Business impact
With a CVSS score of 9.6, this vulnerability represents a severe threat to endpoint security. Successful exploitation could allow an attacker to escape the browser sandbox, potentially leading to full arbitrary code execution on the underlying host operating system and unauthorized access to user data.
Remediation
Immediate Action: Update Google Chrome to version 149.0.7827.103 or later.
Proactive Monitoring: Review endpoint security logs for unexpected process spawns originating from the Chrome browser process.
Compensating Controls: Use endpoint protection platforms (EPP) to block the execution of suspicious child processes spawned by browser applications.
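The two checks above (is the installed build older than the fixed build, and is Chrome spawning unexpected child processes) as an added triage example; this is not code from the advisory or from Google. It assumes the fixed version quoted above, a constructed single-line process-creation log format, and an allow-list of expected Chrome children that you would tune for your own fleet.

```python
# Added example, not part of the advisory. Assumes the fixed version quoted
# above and a constructed, simplified process-creation log format.
import re
from typing import Iterable, List, Tuple

FIXED_VERSION = "149.0.7827.103"  # minimum fixed build named in the advisory

# Child images Chrome legitimately spawns (assumption; tune for your fleet).
ALLOWED_CHILDREN = {"chrome.exe"}


def parse_version(v: str) -> Tuple[int, ...]:
    """'149.0.7827.103' -> (149, 0, 7827, 103); rejects malformed strings."""
    parts = v.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed Chrome version: {v!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is older than the fixed build."""
    return parse_version(installed) < parse_version(fixed)


# Constructed log shape (hypothetical): ParentImage="..." Image="..."
LINE_RE = re.compile(r'ParentImage="([^"]+)"\s+Image="([^"]+)"')


def suspicious_children(lines: Iterable[str]) -> List[str]:
    """Return Image paths whose parent is chrome.exe but which are not an
    expected Chrome child. Compares Windows basenames case-insensitively."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # line does not match the expected shape; skip it
        parent, child = m.groups()
        parent_name = parent.rsplit("\\", 1)[-1].lower()
        child_name = child.rsplit("\\", 1)[-1].lower()
        if parent_name == "chrome.exe" and child_name not in ALLOWED_CHILDREN:
            hits.append(child)
    return hits


# Constructed sample lines (not real telemetry): a normal renderer child,
# a shell spawned by the browser, and an unrelated explorer.exe child.
SAMPLE_LOG = [
    'ParentImage="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" Image="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"',
    'ParentImage="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" Image="C:\\Windows\\System32\\cmd.exe"',
    'ParentImage="C:\\Windows\\explorer.exe" Image="C:\\Windows\\System32\\notepad.exe"',
]

if __name__ == "__main__":
    print(is_vulnerable("149.0.7827.90"))   # True
    print(suspicious_children(SAMPLE_LOG))  # ['C:\\Windows\\System32\\cmd.exe']
```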
Exploitation status
Public Exploit Available: N/A
Analyst recommendation
The high CVSS score reflects the dangerous nature of sandbox escape vulnerabilities in web browsers. Administrators should prioritize the deployment of the latest Chrome version across the enterprise to mitigate the risk of remote exploitation.