CVE-2026-13281

Google · Chrome

An integer overflow vulnerability in the Mojo component of Google Chrome could allow a remote attacker to trigger memory corruption.

Executive summary

Google Chrome contains a high-severity integer overflow vulnerability in the Mojo component that could lead to memory corruption or arbitrary code execution.

Vulnerability

This is an integer overflow flaw located within the Mojo inter-process communication system. Exploitation typically requires the victim to interact with malicious web content, which could trigger the overflow and lead to unexpected application behavior.

Business impact

With a CVSS score of 8.3, this vulnerability represents a significant risk to organizational endpoints. Successful exploitation could allow an attacker to bypass browser security sandbox protections, resulting in unauthorized code execution, data theft, or the installation of malicious software on the host device.

Remediation

Immediate Action: Update all instances of Google Chrome to version 149 or later.

Proactive Monitoring: Monitor endpoint security logs for signs of anomalous browser process crashes or unusual network traffic originating from browser instances.

Compensating Controls: Deploy endpoint protection platforms (EPP) and ensure that browser-based security features, such as site isolation, remain enabled to mitigate the impact of potential memory corruption.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Browser-based vulnerabilities are frequent targets for threat actors. Organizations must ensure that automated update mechanisms are functioning correctly and that all Chrome instances are updated to the patched version to minimize the attack surface.
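To verify the remediation and the update coverage called for above, the following added example (not part of the original advisory) audits an endpoint inventory against the fixed major version 149. The CSV layout, column names, hostnames and version strings are constructed assumptions; adapt them to whatever your inventory tool exports.

```python
import csv
import io

FIXED_MAJOR = 149  # from the advisory: "version 149 or later"

# Constructed sample inventory; hosts and version strings are made up.
SAMPLE_INVENTORY = """host,chrome_version
ws-001,149.0.0.0
ws-002,148.9.9.9
ws-003,150.1.2.3
ws-004,
ws-005,149
ws-006,90.0.1.2
"""


def chrome_major(version):
    """Return the major number from MAJOR.MINOR.BUILD.PATCH, or None if malformed."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return int(parts[0])


def audit(inventory_csv, fixed_major=FIXED_MAJOR):
    """Group hosts into 'patched', 'vulnerable' (below the fix) or 'unknown'."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        major = chrome_major(row.get("chrome_version") or "")
        if major is None:
            status = "unknown"      # missing or unparsable: needs follow-up
        elif major >= fixed_major:  # numeric compare, so 90 < 149
            status = "patched"
        else:
            status = "vulnerable"
        result[status].append(row["host"])
    return result


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    for status in ("vulnerable", "unknown", "patched"):
        print(f"{status}: {', '.join(report[status]) or '-'}")
```

Hosts reported as unknown should be treated as unpatched until their version is confirmed, since a missing value often means the inventory agent or the auto-update mechanism is not working.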