A critical use-after-free vulnerability in the WebMIDI component of Google Chrome on Windows necessitates an immediate update to prevent sandbox escapes.

This vulnerability is a use-after-free flaw found in the WebMIDI implementation. An unauthenticated attacker who has already compromised the renderer process can exploit this to perform a sandbox escape via a crafted HTML page.

With a CVSS score of 8.3, this flaw is a significant security risk. Successful exploitation grants the attacker the ability to break out of the browser's security sandbox, moving from a restricted environment to the wider host system. This could result in data theft, persistence, or the deployment of further malicious payloads.

Immediate Action: Update all Google Chrome instances on Windows to version 149.0.7827.114 or 149.0.7827.115.

Proactive Monitoring: Monitor for anomalous browser behavior, specifically regarding MIDI device requests or unexpected process interactions.

Compensating Controls: Restrict or disable WebMIDI if it is not required for business operations, and ensure host-based security tools are updated to detect sandbox escape attempts.

Public Exploit Available: false

The risk of sandbox escape via this vulnerability is high, and the potential for lateral movement within the network is significant. IT and security teams should treat this update with urgency to ensure all Windows workstations are protected.