CVE-2026-11670

Google · Chrome

A use-after-free vulnerability in the PDF rendering component of Google Chrome allows remote attackers to execute arbitrary code via a crafted PDF file.

Executive summary

A high-severity use-after-free vulnerability in the Google Chrome PDF rendering engine poses a significant risk of arbitrary code execution for affected users.

Vulnerability

This flaw exists in the PDF rendering component of Google Chrome. An unauthenticated, remote attacker can trigger it by getting a victim to open a maliciously crafted PDF in the browser, for example by serving the file from a web page. Rendering the file causes the browser to access memory that has already been freed, and that dangling access can be leveraged for arbitrary code execution.

Business impact

With a CVSS score of 8.8, this vulnerability is a high-risk entry point for attackers targeting organizational workstations, since opening a PDF is routine user behaviour. Successful exploitation yields code execution in the process that renders the PDF; Chrome renders PDFs inside a sandboxed renderer process, so turning that into full host compromise additionally requires a sandbox escape, but renderer-level code execution is already enough to facilitate data exfiltration from the browsing session or the delivery of further malicious payloads.

Remediation

Immediate Action: Update all Google Chrome installations to version 149.0.7827.103 or later to address the PDF rendering flaw. Chrome does not run the new version until the browser is relaunched, so a fleet check should verify the running version, not only that the update was downloaded.

Proactive Monitoring: Watch for PDF files fetched from unfamiliar or newly seen domains, and for unexplained Chrome renderer crashes (a failed attempt to exploit a use-after-free commonly crashes the renderer), using whatever browser or endpoint telemetry the organization already collects.

Compensating Controls: Where immediate updates are not feasible for all users, use Chrome's enterprise policies to take the built-in PDF viewer out of the picture. The AlwaysOpenPdfExternally policy makes Chrome download PDFs instead of rendering them in the browser, so the vulnerable code path is never reached; the trade-off is that the risk moves to whichever external reader then opens the file, and users lose in-browser preview.
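The three remediation steps above, as an added example that is not part of the advisory and is not Google's tooling: a POSIX shell script that compares the running Chrome version against the fixed version numerically (so that 149.0.7827.99 is correctly treated as older than 149.0.7827.103), reports the host's status for a fleet inventory, and drops the AlwaysOpenPdfExternally policy file as the compensating control. The fixed version comes from this advisory; the binary names google-chrome, google-chrome-stable, chromium and chromium-browser, and the Linux managed-policy directory /etc/opt/chrome/policies/managed, are assumptions (adjust for macOS or Windows, where the policy is set via a configuration profile or the registry instead).

```shell
#!/bin/sh
# Added example for CVE-2026-11670 (not from the advisory or from Google).
# Assumptions: the fixed version quoted in the advisory, the usual Linux
# Chrome/Chromium binary names, and the Linux managed-policy directory.

FIXED_VERSION="149.0.7827.103"

# version_ge A B: exit 0 if dotted version A >= B, 1 otherwise.
# Fields are compared numerically, so 149.0.7827.99 < 149.0.7827.103
# (a plain string comparison would get this wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0   # missing trailing fields count as 0
            xb = (i <= nb) ? y[i] + 0 : 0
            if (xa > xb) exit 0
            if (xa < xb) exit 1
        }
        exit 0
    }'
}

# chrome_is_patched VERSION: exit 0 if VERSION already contains the fix.
chrome_is_patched() {
    version_ge "$1" "$FIXED_VERSION"
}

# installed_chrome_version: print the version of the first Chrome/Chromium
# binary on PATH ("Google Chrome 148.0.7700.12" -> "148.0.7700.12"), or
# nothing if none is installed. The [^0-9] guard stops the greedy .* from
# swallowing the first digit of the version.
installed_chrome_version() {
    for bin in google-chrome google-chrome-stable chromium chromium-browser; do
        if command -v "$bin" >/dev/null 2>&1; then
            "$bin" --version 2>/dev/null |
                sed -n 's/.*[^0-9]\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
            return 0
        fi
    done
    return 0
}

# write_pdf_policy [DIR]: compensating control for hosts that cannot update yet.
# AlwaysOpenPdfExternally makes Chrome download PDFs instead of rendering them
# with the built-in viewer, so the vulnerable path is never reached in the
# browser. DIR defaults to the assumed Linux managed-policy directory.
write_pdf_policy() {
    dir="${1:-/etc/opt/chrome/policies/managed}"
    mkdir -p "$dir" || return 1
    cat > "$dir/cve-2026-11670-pdf.json" <<'EOF'
{
  "AlwaysOpenPdfExternally": true
}
EOF
}

# report_host: one line per host for a fleet inventory. Uses the version the
# binary reports, which is the version actually running after a relaunch.
report_host() {
    v=$(installed_chrome_version)
    if [ -z "$v" ]; then
        echo "$(hostname): chrome not found"
    elif chrome_is_patched "$v"; then
        echo "$(hostname): chrome $v patched (>= $FIXED_VERSION)"
    else
        echo "$(hostname): chrome $v VULNERABLE, update to $FIXED_VERSION and relaunch"
    fi
}

# Usage: sh chrome_pdf_check.sh check         -> report patch status of this host
#        sh chrome_pdf_check.sh policy [DIR]  -> install the PDF policy file
case "${1:-}" in
    check)  report_host ;;
    policy) write_pdf_policy "${2:-}" ;;
esac
```

Run "check" from the configuration-management tool of choice and collect the output lines; any host that reports VULNERABLE after the rollout window either has not relaunched Chrome or missed the update. Run "policy" only on hosts that cannot take the update promptly, and remove the policy file once they are at 149.0.7827.103 or later so users get the built-in viewer back.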

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given that PDF rendering is a frequent target for remote code execution attacks, the update to version 149.0.7827.103 should be deployed immediately to secure the browser's PDF engine against this high-severity vulnerability.