CVE-2026-11673

Google · Chrome

A use-after-free vulnerability in the InterestGroups implementation of Google Chrome allows remote attackers to execute arbitrary code via a crafted HTML page.

Executive summary

A high-severity use-after-free vulnerability in the Google Chrome InterestGroups feature poses a significant risk of arbitrary code execution for affected users.

Vulnerability

This is a use-after-free memory management vulnerability in the InterestGroups implementation of Google Chrome. An unauthenticated remote attacker can exploit it by directing a user to a crafted HTML page, triggering an invalid memory access that allows arbitrary code execution.

Business impact

The CVSS score of 8.8 reflects the high severity of this flaw. Exploitation could allow an attacker to bypass sandbox protections, leading to unauthorized access to the local machine and potential lateral movement within the network.

Remediation

Immediate Action: Update Google Chrome to version 149.0.7827.103 or later to patch the InterestGroups component.

Proactive Monitoring: Monitor for suspicious network traffic or browser behavior that might indicate attempts to interact with the browser's ad-related or interest-based APIs.

Compensating Controls: Implement organizational policies that limit browser extensions and restrict access to non-essential browser features where possible.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The vulnerability within the InterestGroups feature highlights the need for consistent browser hygiene. All organizations should prioritize updating to the latest secure version of Chrome to eliminate this high-risk attack vector.