CVE-2026-11648
Google · Chrome
A use-after-free vulnerability exists in the FullScreen component of Google Chrome on Windows, potentially allowing memory corruption or arbitrary code execution.
Executive summary
A high-severity use-after-free vulnerability in Google Chrome on Windows poses a significant risk of memory corruption and potential system compromise.
Vulnerability
This is a use-after-free vulnerability located within the FullScreen functionality of the browser. It typically requires a user to interact with malicious web content to trigger the flaw.
Business impact
With a CVSS score of 8.8, this vulnerability is classified as High severity. Successful exploitation could allow an attacker to execute arbitrary code within the context of the browser, potentially leading to unauthorized data access, malware installation, or persistent system compromise, posing a severe threat to endpoint security.
Remediation
Immediate Action: Update Google Chrome to version 149 or later to remove the vulnerable code from affected installations.
Proactive Monitoring: Monitor browser-related crash logs and endpoint security telemetry for suspicious process behavior originating from the browser.
Compensating Controls: Ensure endpoint detection and response (EDR) solutions are active to identify and block post-exploitation activities such as shellcode execution.
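The remediation above hinges on one check: is every Windows Chrome installation at major version 149 or higher? The following Python script is an added example, not part of the advisory or of Google's tooling. It parses Chrome's dotted version strings, flags anything below the fixed major version stated above, and treats unparseable values as "unknown" rather than silently passing them. The registry path used to read the locally installed version is an assumption about where the Chrome installer records it; the hostnames and versions in the sample inventory are constructed.

```python
"""Chrome version compliance check for CVE-2026-11648.

Added example: classifies Chrome installations as patched, vulnerable or
unknown against the fixed major version named in the advisory.
"""
import platform
import re
from typing import Dict, List, Optional, Tuple

# Major version that carries the fix, as stated in the advisory.
FIXED_MAJOR = 149


def parse_chrome_version(version: str) -> Optional[Tuple[int, ...]]:
    """Parse a dotted Chrome version ("149.0.1234.56") into a tuple of ints.

    Returns None for anything that is not a plain dotted numeric version so the
    caller can report it as unknown instead of treating it as compliant.
    """
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    return tuple(int(part) for part in version.split("."))


def is_patched(version: str, fixed_major: int = FIXED_MAJOR) -> Optional[bool]:
    """True if the major version is at or above the fix, False if older,
    None if the version string cannot be parsed."""
    parsed = parse_chrome_version(version)
    if parsed is None:
        return None
    return parsed[0] >= fixed_major


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split a {host: version} inventory into patched / vulnerable / unknown.

    Unknown entries are reported separately because a blank or malformed
    version usually means the inventory agent failed, not that the host is safe.
    """
    result: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        status = is_patched(version)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["patched"].append(host)
        else:
            result["vulnerable"].append(host)
    return result


def installed_chrome_version_windows() -> Optional[str]:
    """Read the installed Chrome version from the local Windows registry.

    Assumption: the Chrome installer records the running version under
    HKCU\\Software\\Google\\Chrome\\BLBeacon in a "version" value. Returns None
    on non-Windows hosts or when the key is absent.
    """
    if platform.system() != "Windows":
        return None
    import winreg  # Windows-only standard-library module
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                            r"Software\Google\Chrome\BLBeacon") as key:
            value, _ = winreg.QueryValueEx(key, "version")
            return str(value)
    except OSError:
        return None


# Constructed sample inventory, as an endpoint-management export might look.
SAMPLE_INVENTORY = {
    "ws-finance-01": "149.0.7000.10",
    "ws-finance-02": "148.0.6999.99",
    "ws-hr-07": "150.0.7100.3",
    "ws-lab-03": "",
    "ws-lab-04": "unknown",
}

if __name__ == "__main__":
    local = installed_chrome_version_windows()
    if local is not None:
        print(f"local Chrome {local}: patched={is_patched(local)}")
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s} {', '.join(hosts) or '-'}")
```

Feed the script a real inventory export in place of the constructed sample and treat the "unknown" bucket as work to do, not as clean: those are the hosts where the version could not be read at all.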
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the prevalence of Chrome in enterprise environments, the risk of browser-based attacks is substantial. Security teams must prioritize updating all Windows-based Chrome installations to version 149 or higher to eliminate this high-severity vector.