CVE-2026-12008
Google · Chrome
A use-after-free vulnerability in DigitalCredentials in Google Chrome allows a compromised renderer process to potentially perform a sandbox escape.
Executive summary
A high-severity sandbox escape vulnerability in Google Chrome requires immediate patching to prevent attackers from bypassing browser security boundaries.
Vulnerability
This is a use-after-free vulnerability within the DigitalCredentials component. A remote attacker who has already compromised the renderer process can leverage this flaw to perform a sandbox escape via a crafted HTML page.
Business impact
With a CVSS score of 8.3, this flaw represents a significant risk to the security model of the browser. By escaping the sandbox, an attacker can gain broader access to the underlying operating system, potentially leading to full system compromise and data exfiltration. This is particularly dangerous for users handling sensitive credentials within the browser.
Remediation
Immediate Action: Update all Google Chrome instances to the latest version (149.0.7827.114 or 149.0.7827.115, depending on the OS).
Proactive Monitoring: Monitor security logs for evidence of unauthorized process elevation or unusual system calls emanating from the browser.
Compensating Controls: Apply strict endpoint security policies and utilize browsers with robust sandboxing configurations to limit the impact of a potential renderer compromise.
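To track the update across a fleet, the following added example (not part of the original advisory) classifies an inventory of installed Chrome versions against the two fixed builds named above. The host names and the inventory format are constructed for illustration. Because the advisory does not say which OS receives which build, a host at exactly 149.0.7827.114 is flagged for manual confirmation rather than assumed patched.

```python
import re

# Fixed builds named in the advisory; it does not say which OS gets which one.
FIXED_LOW = (149, 0, 7827, 114)
FIXED_HIGH = (149, 0, 7827, 115)

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome-style version."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Compare numerically, field by field (a string compare would rank .99 above .114)."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    if version < FIXED_LOW:
        return "vulnerable"
    if version < FIXED_HIGH:
        return "verify-os"  # patched only if .114 is the fixed build for this OS
    return "patched"


def audit(inventory):
    """Group host names by patch status."""
    report = {"vulnerable": [], "verify-os": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts), e.g. exported from an EDR or MDM tool.
SAMPLE = [
    ("ws-001", "149.0.7827.115"), ("ws-002", "149.0.7827.114"),
    ("ws-003", "149.0.7827.99"), ("ws-004", "148.0.7800.200"),
    ("ws-005", "150.0.7900.10"), ("ws-006", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```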
Exploitation status
Public Exploit Available: false
Analyst recommendation
The ability to escape the sandbox is a critical security failure that undermines the browser's defense-in-depth strategy. IT teams should prioritize applying these updates to all client devices to eliminate the risk of sandbox escape.