CVE-2026-11635
Google · Chrome
A use-after-free vulnerability in the Bluetooth component of Google Chrome on macOS may allow an attacker to gain unauthorized code execution.
Executive summary
A high-severity use-after-free vulnerability in Google Chrome's macOS Bluetooth implementation poses a risk of remote code execution for end-users.
Vulnerability
This vulnerability resides in the Bluetooth integration within Chrome on macOS. An attacker who triggers the use-after-free condition can corrupt browser memory, which may lead to arbitrary code execution.
Business impact
The CVSS score of 8.3 indicates a high risk to organizational assets. Successful exploitation allows an attacker to gain control over the browser environment, which can be leveraged for further lateral movement within the network or the theft of local user data.
Remediation
Immediate Action: Update Google Chrome to version 149 or newer to address this vulnerability in the macOS-specific Bluetooth module.
Proactive Monitoring: Use system-level monitoring to detect suspicious network activity or unauthorized attempts to access Bluetooth hardware services through the browser.
Compensating Controls: Enforce strict browser security policies and ensure the operating system’s native security features are fully enabled to limit the impact of browser-based exploits.
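As an added example, not part of this advisory or of Chrome itself: a POSIX shell compliance check for the remediation step above. It reads the installed Chrome version from the app bundle on macOS and compares its major component against the fixed release 149; the bundle path and the MAJOR.MINOR.BUILD.PATCH version format are assumptions.

```shell
#!/bin/sh
# Compliance check for CVE-2026-11635: Chrome on macOS must be at major
# version 149 or newer. The bundle path below is the standard install
# location and is an assumption of this script.
FIXED_MAJOR=149
CHROME_PLIST="/Applications/Google Chrome.app/Contents/Info.plist"

# Return 0 if the version string's major component is >= FIXED_MAJOR,
# 1 if it is older, 2 if the string is not a dotted numeric version.
chrome_is_patched() {
    major="${1%%.*}"
    case "$major" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$major" -ge "$FIXED_MAJOR" ]
}

# Print the installed Chrome version from the bundle's Info.plist.
# Returns 1 and prints nothing when the bundle is absent.
installed_chrome_version() {
    plist="${1:-$CHROME_PLIST}"
    [ -f "$plist" ] || return 1
    defaults read "$plist" CFBundleShortVersionString 2>/dev/null
}

# One-line verdict suitable for a fleet inventory or MDM script.
# Exit status: 0 patched, 1 vulnerable, 2 Chrome not found or unparseable.
report_chrome_status() {
    ver="$(installed_chrome_version "$1")" || {
        echo "chrome: not installed at ${1:-$CHROME_PLIST}"
        return 2
    }
    rc=0
    chrome_is_patched "$ver" || rc=$?
    case "$rc" in
        0) echo "chrome $ver: patched (>= $FIXED_MAJOR)" ;;
        1) echo "chrome $ver: VULNERABLE, update to $FIXED_MAJOR or newer" ;;
        *) echo "chrome $ver: unrecognised version string" ;;
    esac
    return "$rc"
}

# When executed with --check, report on this machine and exit with the verdict.
if [ "${1:-}" = "--check" ]; then
    report_chrome_status
    exit $?
fi
```

Run as `sh chrome_check.sh --check`; a non-zero exit status flags a host that still needs the update.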
Exploitation status
Public Exploit Available: false
Analyst recommendation
While the score of 8.3 is slightly lower than that of other similar flaws, it remains a serious concern for macOS users. Security teams should ensure that all Chrome instances on macOS are updated to the latest version to mitigate this risk.