CVE-2026-12029
Google · Chrome
A use-after-free vulnerability in the Video component of Google Chrome for Windows allows for potential sandbox escape via crafted HTML content.
Executive summary
A high-severity use-after-free vulnerability in the Video component of Google Chrome for Windows could enable remote attackers to escape the browser sandbox.
Vulnerability
This is a use-after-free vulnerability within the Video component. A remote attacker could exploit this by tricking a user into visiting a malicious website, potentially allowing them to escape the browser sandbox after compromising the renderer process.
Business impact
With a CVSS score of 8.3, this vulnerability represents a significant risk to Windows-based endpoints. A successful exploit could allow an attacker to bypass browser protections, potentially leading to unauthorized code execution on the host system and compromise of corporate data.
Remediation
Immediate Action: Update all Google Chrome instances on Windows to version 149.0.7827.115.
Proactive Monitoring: Monitor endpoint logs for suspicious child processes spawned by the browser and for abnormal memory usage in its video-related components.
Compensating Controls: Ensure that Windows Defender or other endpoint security software is fully updated to identify and block known exploit patterns.
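One way to verify the update on a Windows endpoint, as an added example that is not part of this advisory: the script reads the product version stamped on chrome.exe from the usual install paths (assumed locations; adjust for your estate) and compares it with the fixed version named above, exiting non-zero so a deployment tool can flag unpatched hosts.

```powershell
# Added example (not from the advisory): check whether the installed Chrome
# on this Windows host is at or above the fixed build 149.0.7827.115.
$FixedVersion = [version]'149.0.7827.115'

# Typical per-machine and per-user install locations (assumed; adjust as needed)
$Candidates = @(
    "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
    "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
)

$Results = foreach ($Path in $Candidates) {
    if (-not (Test-Path -LiteralPath $Path)) { continue }
    # ProductVersion on chrome.exe carries the four-part Chrome release number,
    # so a [version] comparison orders builds correctly (unlike string compare)
    $Installed = [version](Get-Item -LiteralPath $Path).VersionInfo.ProductVersion
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Path         = $Path
        Installed    = $Installed
        Patched      = ($Installed -ge $FixedVersion)
    }
}

if (-not $Results) {
    Write-Output "$($env:COMPUTERNAME): Chrome not found in the expected locations"
} else {
    $Results | Format-Table -AutoSize
    # Non-zero exit code lets Intune/SCCM/scheduled jobs report unpatched hosts
    if ($Results | Where-Object { -not $_.Patched }) { exit 1 }
}
```

Run it under a per-machine context to see the Program Files installs and under the user's context to catch a per-user install in LOCALAPPDATA, since both can coexist on one host.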
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the pervasive use of Chrome on Windows, this update should be deployed across the organization with urgency. Patching is the only effective way to mitigate the risk of sandbox escape associated with this vulnerability.