CVE-2026-13038
Google · Chrome
A use-after-free vulnerability in the Autofill component of Google Chrome on Windows may allow attackers to trigger memory corruption and execute arbitrary code.
Executive summary
A high-severity use-after-free flaw in the Google Chrome Autofill component on Windows platforms presents a substantial risk of arbitrary code execution.
Vulnerability
This is a use-after-free vulnerability specifically affecting the Autofill feature within Google Chrome on Windows. An unauthenticated attacker could trigger this vulnerability by enticing a user to navigate to a malicious webpage, leading to memory corruption.
Business impact
Successful exploitation could grant an attacker the ability to execute malicious code within the context of the user's browser, potentially leading to identity theft or the exfiltration of sensitive information stored within the browser. The CVSS score of 8.8 underscores the potential for severe impact on organizational security and data privacy.
Remediation
Immediate Action: Apply the vendor-provided security update to version 149 or higher on all Windows workstations.
Proactive Monitoring: Monitor endpoint telemetry for suspicious child processes spawned by the Chrome browser.
Compensating Controls: Use browser security policies to block access to potentially malicious domains and to limit the scope of Autofill functionality where possible.
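One way to operationalize the version gate and the child-process watch from the remediation list above, as an added Python example that is not part of this advisory: the process-creation records are constructed, Sysmon-style fields, and the watch-list of child images is an assumption to be tuned per environment.

```python
import ntpath
import re

# CVE-2026-13038: first patched Chrome major version, as stated in the advisory.
PATCHED_MAJOR = 149

# Assumed watch-list: shells and script hosts that Chrome never needs to launch
# itself; tune to the environment before using this as a detection rule.
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}

# Constructed, Sysmon-style process-creation records (Event ID 1 fields).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": "chrome.exe --type=renderer"},           # normal sandboxed child
    {"parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\Users\Public\u.ps1"},  # investigate
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c dir"},                       # not Chrome's child
]


def is_patched(version: str) -> bool:
    """True when a Chrome version string such as '149.0.1234.56' is at or
    above the patched major; a malformed string counts as unpatched."""
    m = re.fullmatch(r"(\d+)(?:\.\d+)*", version.strip())
    return m is not None and int(m.group(1)) >= PATCHED_MAJOR


def find_suspicious_spawns(events: list[dict]) -> list[dict]:
    """Return process-creation events where chrome.exe directly launched a
    watch-listed image. Chrome's own renderer/GPU children are chrome.exe,
    so they never match."""
    hits = []
    for ev in events:
        parent = ntpath.basename(ev["parent_image"]).lower()
        child = ntpath.basename(ev["image"]).lower()
        if parent == "chrome.exe" and child in SUSPICIOUS_CHILDREN:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ver in ("148.0.7000.1", "149.0.1234.56"):
        print(ver, "patched" if is_patched(ver) else "UPDATE REQUIRED")
    for ev in find_suspicious_spawns(SAMPLE_EVENTS):
        print("ALERT: chrome.exe spawned", ev["command_line"])
```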
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the prevalence of Chrome in enterprise environments, this update should be treated as a high-priority deployment. Organizations must ensure that all Windows clients are patched to the latest version to neutralize this risk.