CVE-2026-12007

Google · Chrome

A use-after-free vulnerability in the core of Google Chrome on Windows allows for potential arbitrary code execution.

Executive summary

A critical use-after-free vulnerability in Google Chrome on Windows could allow an attacker to execute arbitrary code via a specially crafted web page.

Vulnerability

This is a use-after-free vulnerability located within the core components of the Google Chrome browser on Windows. The memory corruption occurs when the browser frees an object and later continues to use it, which could allow an attacker to execute arbitrary code in the context of the current user.

Business impact

With a CVSS score of 8.8, this vulnerability is classified as High. Successful exploitation could lead to full browser compromise, potentially allowing an attacker to install malware, steal user credentials, or exfiltrate sensitive data from the host system.

Remediation

Immediate Action: Update Google Chrome on Windows to version 149 or later.

Proactive Monitoring: Ensure that automated update mechanisms are functioning correctly and monitor endpoint security software for alerts related to malicious browser activity.

Compensating Controls: Use browser-based security extensions and ensure that the operating system has active exploit mitigation features (e.g., DEP, ASLR) enabled.
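One way to verify the three remediation items above on a Windows endpoint, as an added PowerShell example that is not part of this advisory. The chrome.exe paths, the BLBeacon registry key and the gupdate/gupdatem service names are assumptions about a standard Google-installed Chrome; the minimum major version 149 is taken from the advisory.

```powershell
# Added example (not from the advisory): check patch level, update services and
# system exploit mitigations on a Windows host. Paths, registry key and service
# names below are assumptions for a standard Google-installed Chrome.
$MinimumMajor = 149   # from the advisory

function Get-ChromeVersion {
    # Prefer the file version of chrome.exe; fall back to the BLBeacon registry value
    $candidates = @(
        "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
        "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
    )
    foreach ($exe in $candidates) {
        if (Test-Path $exe) {
            return [version](Get-Item $exe).VersionInfo.ProductVersion
        }
    }
    $beacon = Get-ItemProperty 'HKLM:\SOFTWARE\Google\Chrome\BLBeacon' -ErrorAction SilentlyContinue
    if ($beacon -and $beacon.version) { return [version]$beacon.version }
    return $null
}

# 1. Patch level: compare the installed major version with the advisory minimum
$installed = Get-ChromeVersion
if ($null -eq $installed) {
    Write-Output 'Chrome not found on this host'
} elseif ($installed.Major -ge $MinimumMajor) {
    Write-Output "OK: Chrome $installed meets the minimum major version $MinimumMajor"
} else {
    Write-Output "ACTION REQUIRED: Chrome $installed is below $MinimumMajor; update now"
}

# 2. Update mechanism: Google Update services should be present and not disabled
foreach ($name in 'gupdate', 'gupdatem') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc)                    { Write-Output "WARN: update service $name not present" }
    elseif ($svc.StartType -eq 'Disabled') { Write-Output "WARN: update service $name is disabled" }
    else                                   { Write-Output "OK: update service $name start type is $($svc.StartType)" }
}

# 3. Exploit mitigations: system-wide DEP policy and ASLR settings
# DEP policy codes: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (default), 3 = OptOut
$dep = (Get-CimInstance Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
Write-Output "DEP support policy: $dep $(if ($dep -eq 0) { '(WARN: DEP is off)' })"
# Get-ProcessMitigation ships with Windows 10 1709+ / Server 2019+; skip if unavailable
$mit = Get-ProcessMitigation -System -ErrorAction SilentlyContinue
if ($mit) {
    Write-Output "ASLR (system): BottomUp=$($mit.ASLR.BottomUp) ForceRelocateImages=$($mit.ASLR.ForceRelocateImages) HighEntropy=$($mit.ASLR.HighEntropy)"
}
```

Run from an elevated prompt so the machine-wide service and mitigation settings are readable; per-user Chrome installs under LOCALAPPDATA are covered by the third candidate path.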

Exploitation status

Public Exploit Available: false

Analyst recommendation

Browser vulnerabilities are frequently targeted by attackers due to the ubiquity of the software. Users and administrators must ensure that all instances of Google Chrome are updated to version 149 or higher to mitigate the risk of remote code execution.