CVE-2026-11657

Google · Chrome

A use-after-free vulnerability in the Payments component of Google Chrome on Mac allows remote attackers to execute arbitrary code via a crafted HTML page.

Executive summary

A high-severity (CVSS 8.8) use-after-free vulnerability in the Payments component of Google Chrome on macOS can lead to arbitrary code execution when a user visits an attacker-controlled web page. The fix ships in Chrome 149.0.7827.103.

Vulnerability

This vulnerability is a use-after-free in the Payments component of Google Chrome on macOS: the component continues to use a heap object after it has been freed, so attacker-controlled page content can influence what occupies that memory and corrupt the heap. No authentication or special privileges are required; the attacker only needs the user to load a crafted HTML page, which can be delivered by a malicious site, a compromised legitimate site, or injected content such as an advertisement.

Business impact

The CVSS score of 8.8 places this flaw in the High severity band (Critical begins at 9.0). If exploited, an attacker gains code execution in the context of the affected Chrome process on macOS, from which the data the browser handles, including saved payment methods, session credentials and form data, is within reach. Whether a further sandbox escape is needed to reach the rest of the system depends on which Chrome process hosts the vulnerable code, and the advisory does not say.

Remediation

Immediate Action: Update Google Chrome to version 149.0.7827.103 or later on all macOS devices. Chrome downloads updates automatically but only runs the new build after a relaunch, so a host with a pending update keeps executing the vulnerable build until the browser is restarted; confirm the running version in chrome://version rather than trusting that the updater has run.

Proactive Monitoring: Internal activity of the Payments component is not observable from outside the browser, so monitor what is: unexpected Chrome crashes, especially ones that recur when a particular site is visited, are a common side effect of attempts to exploit memory-safety bugs. On macOS, Chrome crash reports are written to ~/Library/Logs/DiagnosticReports and can be collected centrally.

Compensating Controls: Endpoint detection and response (EDR) tooling can flag or block unusual child processes of Google Chrome, such as shells or scripting interpreters, that typically follow successful exploitation. This catches post-exploitation behaviour rather than the exploit itself and is not a substitute for the update.
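As an added example that is not part of this advisory and not Google's own tooling: a POSIX shell check that reads the installed Chrome version from the application bundle on macOS and compares it against the fixed version named under Immediate Action. The install path, the function names and the use of defaults(1) to read Info.plist are assumptions of this example; a fleet management tool can run chrome_is_fixed on each host and act on its exit status.

```shell
#!/bin/sh
# Added example (not Google's code): check whether the Google Chrome installed on a
# macOS host is at or past the fixed build for CVE-2026-11657. The install path,
# the function names and the exit-status convention are assumptions of this example.

FIXED_VERSION="149.0.7827.103"
CHROME_PLIST="/Applications/Google Chrome.app/Contents/Info.plist"

# version_ge A B: exit status 0 when dotted version A is greater than or equal to B.
# Each field is compared numerically and a missing field counts as 0, so
# "149.0.7827.103" >= "149.0.7827.103" holds and "149.0.7827" < "149.0.7827.103".
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xa = (i <= na) ? x[i] + 0 : 0
      yb = (i <= nb) ? y[i] + 0 : 0
      if (xa > yb) exit 0
      if (xa < yb) exit 1
    }
    exit 0
  }'
}

# chrome_is_fixed [PLIST]: read the installed Chrome version from the app bundle's
# Info.plist and report whether it meets FIXED_VERSION.
# Exit status: 0 patched, 1 vulnerable, 2 Chrome not found or version unreadable.
chrome_is_fixed() {
  plist="${1:-$CHROME_PLIST}"
  if [ ! -f "$plist" ]; then
    echo "Google Chrome not found at $plist" >&2
    return 2
  fi
  # defaults(1) accepts a path to a plist file in place of a domain name.
  installed=$(defaults read "$plist" CFBundleShortVersionString 2>/dev/null) || {
    echo "Could not read CFBundleShortVersionString from $plist" >&2
    return 2
  }
  if version_ge "$installed" "$FIXED_VERSION"; then
    echo "OK: Chrome $installed is at or above $FIXED_VERSION"
    return 0
  fi
  echo "VULNERABLE: Chrome $installed is below $FIXED_VERSION; update and relaunch"
  return 1
}

# Run the check only when this file is executed under its assumed name;
# sourcing it just defines the functions.
if [ "${0##*/}" = "chrome_cve_2026_11657_check.sh" ]; then
  chrome_is_fixed "$@"
fi
```

The check inspects the bundle on disk, so a passing result means the installed build is fixed; a Chrome process started before the updater replaced the bundle is still running the old code until it is relaunched, which is why the Immediate Action item asks for confirmation in chrome://version as well.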

Exploitation status

Public Exploit Available: false

Analyst recommendation

Mac users remain at risk while this browser component is unpatched. Organizations should prioritize deploying Chrome 149.0.7827.103 or later and confirming that the running build has actually been relaunched, to close off remote code execution through the browser's payment functionality.