A high-severity use-after-free vulnerability in Google Chrome’s Bluetooth component on macOS poses a significant risk of arbitrary code execution for affected users.

This is a use-after-free memory corruption vulnerability located within the Bluetooth subsystem of the browser. Successful exploitation requires an attacker to trigger the flaw, typically by enticing a user to navigate to a malicious site, which may lead to system compromise.

The CVSS score of 8.8 reflects the high potential for impact, including complete system compromise or unauthorized data access. Successful exploitation could allow an attacker to execute arbitrary code within the context of the browser, leading to potential exfiltration of sensitive session data or deployment of malware on the host machine.

Immediate Action: Update Google Chrome to version 149 or later immediately to resolve the memory corruption flaw.

Proactive Monitoring: Monitor endpoint logs for unusual browser crashes or unexpected child process spawning associated with the Chrome application.

Compensating Controls: Ensure the browser’s built-in sandbox remains enabled and utilize endpoint detection and response (EDR) tools to identify malicious process behavior.

Public Exploit Available: false

Given the CVSS score of 8.8 and the browser's role as a primary attack vector, this vulnerability should be treated with high urgency. Administrators must prioritize the deployment of the version 149 update across all macOS endpoints to mitigate the risk of remote code execution.