CVE-2026-12443

Google · Chrome

A use-after-free vulnerability in the Web Authentication component of Google Chrome could allow attackers to compromise browser security.

Executive summary

A high-severity use-after-free vulnerability in Google Chrome’s Web Authentication module could allow attackers to execute arbitrary code.

Vulnerability

This flaw is a use-after-free vulnerability within the Web Authentication API. An unauthenticated attacker can exploit it by directing a user to a malicious site, potentially leading to memory corruption and code execution.

Business impact

The CVSS score of 8.8 reflects the high potential for system-level impact. Exploitation of the Web Authentication component could bypass critical security controls, potentially leading to unauthorized access to sensitive web applications and services.

Remediation

Immediate Action: Apply the latest security updates provided by Google to move to Chrome version 149 or later.

Proactive Monitoring: Monitor network traffic for unusual authentication attempts or patterns consistent with browser-based exploitation.

Compensating Controls: Utilize endpoint detection and response (EDR) solutions to identify and block suspicious process spawning originating from the browser.
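To support the Immediate Action step, the following added example (not part of the original advisory and not Google's tooling) audits a fleet inventory against the fixed version. It assumes a tab-separated "hostname, version output" file collected from `google-chrome --version`; the hostnames and build numbers are constructed, and only the major version 149 comes from the advisory.

```python
import re

# Minimum fixed major version, taken from the advisory ("Chrome version 149 or later").
FIXED_MAJOR = 149

# Chrome reports four dot-separated integers, e.g. "Google Chrome 148.0.1111.22".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def classify(version_output):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    m = VERSION_RE.search(version_output or "")
    if not m:
        # Unparseable output needs follow-up; never count it as safe.
        return "unknown"
    # Compare as an integer: a string comparison would rank "14.9" above "149".
    major = int(m.group(1))
    return "patched" if major >= FIXED_MAJOR else "vulnerable"


def audit(inventory_lines):
    """Group hosts by status from 'hostname<TAB>version output' lines."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment/header lines
        host, _, version_output = line.partition("\t")
        report[classify(version_output)].append(host)
    return report


# Constructed sample inventory (hostnames and build numbers are invented).
SAMPLE = [
    "# host\tversion",
    "ws-001\tGoogle Chrome 149.0.1000.10",
    "ws-002\tGoogle Chrome 148.0.9999.99 ",
    "ws-003\tGoogle Chrome 150.0.1.2 beta",
    "ws-004\t",                      # agent returned nothing
    "ws-005\tcommand not found",     # Chrome missing or collection failed
    "ws-006\tGoogle Chrome 14.9.0.0",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be re-collected rather than assumed patched, since a failed inventory query says nothing about the installed build.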

Exploitation status

Public Exploit Available: false

Analyst recommendation

Authentication modules are high-value targets for attackers. Organizations must prioritize patching this vulnerability to prevent potential session hijacking or persistent access gained through memory corruption.