A critical use-after-free vulnerability in the Bluetooth component of Google Chrome on macOS presents a significant risk of arbitrary code execution for users.

The vulnerability exists within the Bluetooth implementation in the browser's codebase. An unauthenticated attacker could exploit this memory corruption flaw by tricking a user into navigating to a malicious site, resulting in code execution.

With a CVSS score of 8.8, this vulnerability poses a severe threat to the confidentiality and integrity of workstations. Attackers could utilize this exploit to gain persistent access to systems, potentially leading to the compromise of sensitive corporate data.

Immediate Action: Update all instances of Google Chrome on macOS to version 149 or later immediately.

Proactive Monitoring: Monitor for suspicious network connections or unusual browser behavior that may suggest an exploitation attempt.

Compensating Controls: Use browser-level security policies to restrict access to sensitive APIs if possible, and ensure endpoint protection is fully operational.

Public Exploit Available: false

Immediate remediation is required to address this vulnerability. Security teams must ensure that all users update their Chrome browsers to the patched version to prevent potential exploitation and maintain the security integrity of their macOS fleet.