CVE-2026-13027
Google · Chrome
A use-after-free vulnerability exists in the FileSystem component of Google Chrome prior to version 149, potentially allowing arbitrary code execution.
Executive summary
A critical use-after-free vulnerability in Google Chrome’s FileSystem component poses a significant risk of arbitrary code execution for affected users.
Vulnerability
This is a memory corruption vulnerability involving a use-after-free condition within the FileSystem API. An unauthenticated, remote attacker could leverage this flaw by enticing a user to visit a specially crafted webpage, leading to memory corruption and potential code execution.
Business impact
Successful exploitation of this vulnerability allows an attacker to execute arbitrary code within the context of the browser process. Given the CVSS score of 8.8, this represents a high risk to organizational security, potentially leading to full system compromise, data theft, or the installation of malicious software on the victim’s machine.
Remediation
Immediate Action: Update all instances of Google Chrome to version 149 or later to resolve the underlying memory management flaw.
Proactive Monitoring: Monitor browser process behavior and endpoint security logs for anomalous crashes or unauthorized network connections originating from the Chrome process.
Compensating Controls: Ensure that endpoint protection solutions are active and that users are restricted from executing untrusted scripts or visiting high-risk domains.
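To make the "update to 149 or later" step checkable across a fleet, the following added example (not part of the advisory) triages a constructed endpoint inventory by Chrome major version; the hostnames and version strings are invented sample data.

```python
"""Flag Chrome installs below the fixed release for CVE-2026-13027.

Constructed inventory lines of the form hostname,chrome_version; these are
example values, not data from any real fleet.
"""
from typing import Dict, List, Tuple

FIXED_MAJOR = 149  # first Chrome release containing the fix, per the advisory

INVENTORY = """\
ws-001,148.0.6613.84
ws-002,149.0.6700.10
ws-003,not-installed
ws-004,150.0.6801.2
ws-005,149.0
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Return a dotted version as a tuple of ints, or raise ValueError."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def needs_update(version: str, fixed_major: int = FIXED_MAJOR) -> bool:
    """True if the major version is below the first fixed release."""
    return parse_version(version)[0] < fixed_major


def triage(inventory: str) -> Dict[str, List[str]]:
    """Split hosts into 'vulnerable', 'patched' and 'unknown' (unparseable)."""
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        try:
            bucket = "vulnerable" if needs_update(version) else "patched"
        except ValueError:
            bucket = "unknown"  # cannot confirm; route to manual review
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket are not safe to ignore: a version that cannot be read is unverified, not patched.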
Exploitation status
Public Exploit Available: false
Analyst recommendation
The high CVSS score of 8.8 necessitates immediate attention from IT security teams. Organizations should prioritize the deployment of the latest Chrome version across all enterprise endpoints to mitigate the risk of memory corruption-based attacks.