CVE-2026-11683

Google · Chrome

A use-after-free vulnerability in the WebCodecs component of Google Chrome prior to version 149 could lead to arbitrary code execution.

Executive summary

A high-severity (CVSS 8.8) use-after-free flaw in the Google Chrome WebCodecs API exposes users to remote code execution if they visit a compromised or malicious website that triggers the bug.

Vulnerability

The vulnerability resides in the WebCodecs component, the web API that gives page script low-level access to the browser's audio and video encoders and decoders. No authentication is required: a remote attacker who can get a victim to open an attacker-controlled or compromised page can trigger the use-after-free from page script, corrupt memory and potentially execute arbitrary code in the context of the browser.

Business impact

The CVSS score of 8.8 (High) reflects that exploitation requires nothing more than a user opening a malicious page. A successful exploit gives the attacker code execution on the end-user's machine in the context of the browser, from which credentials and sessions held by the browser, as well as sensitive documents stored on the local system, could be exfiltrated.

Remediation

Immediate Action: Update Chrome to version 149 or later on all endpoints and verify the installed version (chrome://version, or the binary's --version output) rather than relying on the auto-updater alone, since a downloaded update only takes effect once the browser is relaunched.

Proactive Monitoring: Monitor for unexpected browser crashes, particularly clusters of crashes on several endpoints shortly after visiting the same site; a failed use-after-free exploit attempt typically manifests as a crash. Isolated crashes are noise and should not be treated as indicators on their own.

Compensating Controls: A Web Application Firewall protects servers from inbound requests and offers no protection against a client-side browser bug. The relevant network control is a secure web gateway or DNS filtering that blocks known-malicious and newly registered domains; the relevant endpoint control is browser management policy that forces updates and relaunches on managed machines.
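The Immediate Action item above asks for verification of the installed version, so the following added example (not part of the advisory or of Google's tooling) shows a portable POSIX shell check that reads the version string from whichever Chrome or Chromium binary is on PATH and compares the major version against the fixed release named in the advisory. The binary names searched and the version-string format are assumptions based on common Linux packaging; the threshold 149 is taken from the advisory.

```shell
# Added example, not from the advisory: flag an installed Chrome build whose
# major version is below the fixed release (149) named in the advisory.
FIXED_MAJOR=149

# chrome_is_vulnerable VERSION
#   exit 0 if the major version is below FIXED_MAJOR (update required),
#   exit 1 if it is at or above, exit 2 if VERSION cannot be parsed.
chrome_is_vulnerable() {
    major="${1%%.*}"          # everything before the first dot
    case "$major" in
        ''|*[!0-9]*) echo "unparseable version: $1" >&2; return 2 ;;
    esac
    [ "$major" -lt "$FIXED_MAJOR" ]
}

# installed_chrome_version
#   prints the version of the first Chrome/Chromium binary found on PATH
#   (assumed binary names; e.g. "Google Chrome 148.0.6900.50" -> 148.0.6900.50),
#   exit 1 if none is installed.
installed_chrome_version() {
    for bin in google-chrome google-chrome-stable chromium chromium-browser; do
        if command -v "$bin" >/dev/null 2>&1; then
            "$bin" --version 2>/dev/null |
                sed -n 's/.*[Cc]hrom[a-z]* \([0-9][0-9.]*\).*/\1/p'
            return 0
        fi
    done
    return 1
}

# main: report the host's status; exit 1 when an update is required so the
# script can be used as a compliance check from a scheduler or EDR script runner.
main() {
    v="$(installed_chrome_version)" || { echo "no Chrome binary found on PATH"; return 0; }
    if chrome_is_vulnerable "$v"; then
        echo "Chrome $v is below $FIXED_MAJOR: update required"
        return 1
    fi
    echo "Chrome $v is at or above $FIXED_MAJOR"
}
```

Run the script directly with `sh check_chrome.sh; echo $?` (a non-zero exit means an update is needed), or source it and call `chrome_is_vulnerable` on version strings collected by inventory tooling. On Windows and macOS the binary lookup would need to be replaced with the platform's own version query; the comparison logic is unchanged.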

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams should enforce the update to Chrome 149 or later, using browser management policy where available rather than depending on users to relaunch. Given the prevalence of browser-based attacks, keeping the browser current is a baseline control for workstation security.