CVE-2026-1861
Google · Chrome
A heap buffer overflow in the libvpx library within Google Chrome allows potential remote code execution when the browser processes malicious media content. This is resolved in version 144.
Executive summary
A high-severity heap buffer overflow in Google Chrome's libvpx component allows unauthenticated attackers to execute arbitrary code or cause a denial of service via specially crafted web content.
Vulnerability
A heap buffer overflow exists in the libvpx video codec library. An unauthenticated remote attacker can exploit this by enticing a user to visit a malicious website or view a malicious video, leading to memory corruption and potential code execution within the browser's context.
Business impact
With a CVSS score of 8.8, this vulnerability poses a significant threat to corporate endpoints. Successful exploitation could lead to the compromise of user workstations, theft of session cookies, or the installation of malware, bypassing standard browser security boundaries.
Remediation
Immediate Action: Update Google Chrome to version 144 or later across all enterprise endpoints to patch the vulnerable libvpx library.
Proactive Monitoring: Use endpoint detection and response (EDR) tools to monitor for unusual browser child processes or unexpected memory allocation patterns.
Compensating Controls: Implement web filtering to block known malicious domains and ensure that browser sandboxing features are strictly enforced via Group Policy.
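As an added example (not part of the advisory), the following Python script audits a constructed endpoint inventory against the fixed Chrome major version named above; it parses four-part Chrome version strings, flags hosts below 144, and treats unparseable versions as non-compliant rather than silently skipping them. Hostnames, version numbers and the CSV layout are hypothetical.

```python
import re
from typing import NamedTuple, Optional, Tuple

# From the advisory: Chrome 144 or later contains the libvpx fix.
FIXED_MAJOR = 144

class HostStatus(NamedTuple):
    host: str
    version: str
    needs_update: bool
    reason: str

# Chrome reports versions as MAJOR.MINOR.BUILD.PATCH.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(raw: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, build, patch) or None if the string is not a Chrome version."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]

def classify(host: str, raw_version: str) -> HostStatus:
    parsed = parse_version(raw_version)
    if parsed is None:
        # Unknown versions must not be silently treated as patched.
        return HostStatus(host, raw_version, True, "unparseable version; verify manually")
    if parsed[0] < FIXED_MAJOR:
        return HostStatus(host, raw_version, True, f"major {parsed[0]} < {FIXED_MAJOR}")
    return HostStatus(host, raw_version, False, "at or above fixed version")

def audit(inventory_csv: str) -> list:
    """Parse 'hostname,chrome_version' lines (comments with '#' skipped) into HostStatus rows."""
    rows = []
    for line in inventory_csv.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, _, ver = line.partition(",")
        rows.append(classify(host.strip(), ver))
    return rows

# Constructed sample inventory: hypothetical hostnames and version numbers.
SAMPLE_INVENTORY = """
# hostname,chrome_version
ws-0101,143.0.7499.192
ws-0102,144.0.7559.110
ws-0103,145.0.7600.12
ws-0104,unknown
"""

def hosts_needing_update(inventory_csv: str = SAMPLE_INVENTORY) -> list:
    return [s.host for s in audit(inventory_csv) if s.needs_update]

if __name__ == "__main__":
    for s in audit(SAMPLE_INVENTORY):
        print(f"{s.host:9} {s.version:16} {'UPDATE' if s.needs_update else 'ok':7} {s.reason}")
```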
Exploitation status
Public Exploit Available: false
Analyst recommendation
Browser vulnerabilities are a primary entry point for modern cyberattacks. It is critical that organizations automate the update process for Google Chrome to ensure that version 144 is deployed rapidly across the entire fleet.