CVE-2026-11679
Google · Chrome
A use-after-free vulnerability in the Codecs component of Google Chrome on Windows could result in arbitrary code execution.
Executive summary
A high-severity use-after-free vulnerability in Google Chrome’s Codecs implementation on Windows creates a significant risk of remote code execution.
Vulnerability
This flaw exists within the media codec handling of the browser on Windows platforms. An attacker could exploit this by serving malicious media content that triggers a use-after-free condition in the browser's memory.
Business impact
The CVSS score of 8.3 underscores the necessity for immediate action. Compromise of the browser on a Windows host could provide an attacker with a foothold to execute commands with the privileges of the user, potentially escalating to full system compromise.
Remediation
Immediate Action: Update Google Chrome to version 149 or later on all Windows-based workstations and servers.
Proactive Monitoring: Review Windows Event Logs for suspicious application errors or unexpected process execution associated with the Chrome browser.
Compensating Controls: Use Group Policy to restrict the execution of untrusted media files and ensure that Windows Defender or equivalent antivirus solutions are fully updated.
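As an added example that is not part of this advisory, the following PowerShell script implements the first two remediation steps on a single Windows host: it reports whether each Chrome install is at or above the fixed major version (149) and lists recent application-crash events that name chrome.exe. It assumes Chrome's default per-machine and per-user install paths and Windows' Application Error event (Application log, Event ID 1000) as the crash record.

```powershell
# Added example, not from the advisory: defender-side check for the
# "Immediate Action" and "Proactive Monitoring" remediation steps.
# Assumptions: default Chrome install paths; last 7 days of the Application log.

$FixedMajor = 149

# (1) Version check against the default per-machine and per-user install paths.
$Candidates = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
)
$Installs = foreach ($Path in $Candidates) {
    if (-not (Test-Path -LiteralPath $Path)) { continue }
    # chrome.exe's file version is the Chrome release version, e.g. 149.0.x.y
    $Ver = [version](Get-Item -LiteralPath $Path).VersionInfo.FileVersion
    [pscustomobject]@{
        Path    = $Path
        Version = $Ver.ToString()
        Status  = if ($Ver.Major -ge $FixedMajor) { 'patched' } else { 'UPDATE REQUIRED' }
    }
}
if ($Installs) { $Installs | Format-Table -AutoSize }
else { Write-Output 'Chrome not found in the default install locations.' }

# (2) Crash review: Application Error (Event ID 1000) entries whose message names chrome.exe.
# A crash is a lead for investigation (e.g. repeated faults in media/codec code paths),
# not proof of exploitation.
$Since   = (Get-Date).AddDays(-7)
$Crashes = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000; StartTime = $Since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'chrome\.exe' } |
    Select-Object TimeCreated, Id, ProviderName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
if ($Crashes) { $Crashes | Format-Table -AutoSize }
else { Write-Output "No chrome.exe Application Error (ID 1000) events since $Since." }
```

Run it with an account that can read the Application log; roll the same logic out through your endpoint-management tool to cover every workstation and server named in the remediation rather than one host at a time.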
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the prevalence of Chrome in Windows environments, this vulnerability represents a significant attack vector. Security teams should ensure that the update to version 149 is prioritized to mitigate the risk of remote code execution via malicious media processing.