CVE-2026-12014
Google · Chrome
A use-after-free vulnerability exists in the Cast component of Google Chrome, potentially allowing for a sandbox escape via malicious network traffic.
Executive summary
A high-severity use-after-free vulnerability in Google Chrome’s Cast component may allow an attacker on the local network to escape the browser sandbox.
Vulnerability
This is a use-after-free vulnerability located within the Cast component. An unauthenticated attacker on the local network segment could trigger this flaw to achieve a sandbox escape.
Business impact
With a CVSS score of 8.3, this vulnerability poses a significant risk to organizational endpoints. A successful sandbox escape allows an attacker to bypass browser security boundaries, potentially leading to unauthorized system access, data theft, or the execution of arbitrary code on the underlying host operating system.
Remediation
Immediate Action: Update all instances of Google Chrome to version 149.0.7827.114 (Linux) or 149.0.7827.115 (Mac/Windows).
Proactive Monitoring: Monitor network traffic for unusual Cast-related requests and ensure endpoint detection systems are updated to flag suspicious process behavior associated with the browser.
Compensating Controls: Restrict local network access to trusted devices and ensure that browser sandbox policies are strictly enforced via organizational group policy or configuration management.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the capability for sandbox escapes, this vulnerability should be treated as a priority for all IT administrators. Deploy the provided security updates across your environment immediately to mitigate the risk of unauthorized system compromise.