CVE-2026-13026
Google · Chrome
A use-after-free vulnerability in the Digital Credentials component of Google Chrome on Mac allows for potential memory corruption or arbitrary code execution.
Executive summary
A high-severity use-after-free vulnerability in Google Chrome on Mac could allow a remote attacker to execute arbitrary code via a specially crafted webpage.
Vulnerability
The vulnerability is a use-after-free memory management error located in the Digital Credentials implementation. This flaw can be triggered when a user visits a malicious site, allowing an attacker to manipulate memory and potentially achieve remote code execution.
Business impact
A successful exploit could lead to full browser compromise, enabling the attacker to steal user credentials, session tokens, or sensitive data stored within the browser. Given the CVSS score of 8.8, this vulnerability is highly dangerous for enterprise environments where browsers are a primary entry point for web-based threats.
Remediation
Immediate Action: Update Google Chrome to version 149 or later across all managed Mac endpoints.
Proactive Monitoring: Monitor for unexpected browser crashes or unusual network activity originating from browser processes.
Compensating Controls: Utilize endpoint protection software and browser isolation technologies to mitigate the impact of potential memory corruption exploits.
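Example check (added here, not part of the vendor advisory): a shell script that classifies Chrome versions against the fixed major version 149, either for the local Mac or for an inventory export. The `hostname,version` CSV layout, the option names and the sample hosts are assumptions of this example; the local check reads the `CFBundleShortVersionString` key from the default install path.

```sh
#!/bin/sh
# Added example (not from the advisory): flag Chrome installs below the fixed major.
MIN_MAJOR=149   # advisory remediation: "version 149 or later"

# chrome_status VERSION: prints PATCHED, VULNERABLE or UNKNOWN (exit 0, 1, 2).
chrome_status() {
  case "$1" in
    ''|.*|*[!0-9.]*) echo UNKNOWN; return 2 ;;   # empty or not a dotted number
  esac
  if [ "${1%%.*}" -ge "$MIN_MAJOR" ]; then echo PATCHED; return 0; fi
  echo VULNERABLE; return 1
}

# local_chrome_version: version of the system-wide install on this Mac, empty if absent.
local_chrome_version() {
  app="/Applications/Google Chrome.app"          # default install path
  [ -d "$app" ] || return 0
  /usr/bin/defaults read "$app/Contents/Info" CFBundleShortVersionString 2>/dev/null || true
}

# audit_inventory: reads "hostname,version" lines on stdin (assumed export format)
# and prints "hostname,version,STATUS" for every host that is not PATCHED.
audit_inventory() {
  while IFS=, read -r host ver || [ -n "$host" ]; do
    [ -n "$host" ] || continue
    ver=$(printf '%s' "$ver" | tr -d '\r')       # tolerate CRLF exports
    status=$(chrome_status "$ver") || true
    [ "$status" = PATCHED ] || printf '%s,%s,%s\n' "$host" "$ver" "$status"
  done
}

# Constructed sample inventory for a dry run (hostnames and versions are made up).
sample_inventory() {
  printf '%s\n' 'mac-01,148.0.1.2' 'mac-02,150.0.0.1' 'mac-03,'
}

# Hypothetical options: --local (this Mac), --inventory (CSV on stdin), --demo.
case "${1:-}" in
  --local)     chrome_status "$(local_chrome_version)" ;;
  --inventory) audit_inventory ;;
  --demo)      sample_inventory | audit_inventory ;;
esac
```

Hosts reported as UNKNOWN have no readable version and need a manual look; a per-user install outside /Applications is not covered by the local check.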
Exploitation status
Public Exploit Available: false
Analyst recommendation
Browser-based vulnerabilities of this nature are frequently targeted by threat actors. It is essential that all users upgrade their Chrome installations to version 149 or later immediately to address this memory corruption flaw and protect against potential remote code execution attacks.