CVE-2026-12439
Google · Chrome
A Use-After-Free (UAF) vulnerability in Google Chrome's Digital Credentials component allows for potential remote code execution or system instability.
Executive summary
A high-severity Use-After-Free vulnerability in Google Chrome allows attackers to execute arbitrary code through specially crafted web content.
Vulnerability
This is a memory corruption vulnerability (Use-After-Free) located in the Digital Credentials implementation. An attacker can trigger this condition by enticing a user to visit a malicious website, potentially leading to arbitrary code execution within the browser's context.
Business impact
With a CVSS score of 8.8, this flaw is highly dangerous as it allows for browser-based attacks that can bypass security boundaries. Successful exploitation could lead to data theft, session hijacking, or the installation of malicious software on the end-user's device.
Remediation
Immediate Action: Update Google Chrome to version 149 or later to incorporate the vendor's security fixes.
Proactive Monitoring: Monitor endpoint logs for abnormal browser crashes or unexpected behavior that may indicate an attempted UAF exploit.
Compensating Controls: Use endpoint protection software that can detect and block known exploit patterns and maintain strict browser security policies.
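To verify the Immediate Action item across a fleet, the following added example (not code from the vendor or this advisory) classifies hosts by Chrome major version against the fixed version 149. The `host,version` inventory format, the hostnames and the build numbers are constructed for illustration, and because the advisory names only "version 149", the comparison uses the major version alone.

```python
import re

FIXED_MAJOR = 149  # from the advisory: "version 149 or later"

# Matches a four-part Chrome version, e.g. inside "Google Chrome 148.0.9999.99".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

# Constructed inventory export: hostnames and build numbers are made up.
SAMPLE_INVENTORY = """\
ws-001,Google Chrome 149.0.1000.10
ws-002,Google Chrome 148.0.9999.99
ws-003,150.0.1.0
ws-004,
ws-005,Google Chrome unknown
"""


def chrome_major(version_text):
    """Return the Chrome major version as an int, or None if unparseable."""
    match = _VERSION_RE.search(version_text or "")
    return int(match.group(1)) if match else None


def audit(inventory_text, fixed_major=FIXED_MAJOR):
    """Classify each host as patched, vulnerable or unknown."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(",")
        major = chrome_major(version_text)
        if major is None:
            # Missing or malformed version: flag for follow-up, never assume patched.
            report["unknown"].append(host.strip())
        elif major >= fixed_major:
            report["patched"].append(host.strip())
        else:
            report["vulnerable"].append(host.strip())
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` bucket should be re-inventoried rather than counted as updated.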
Exploitation status
Public Exploit Available: false
Analyst recommendation
Browser-based UAF vulnerabilities are frequently targeted by attackers. It is critical that all enterprise environments push the update to version 149 immediately to ensure user protection.