CVE-2026-22165
Unknown · GPU GLES Library
A use-after-free (UAF) vulnerability in the GPU GLES user-space shared library can be triggered by malicious WebGPU content.
Executive summary
A use-after-free vulnerability in the GPU GLES shared library could allow an attacker to trigger crashes or potentially execute code via malicious web content.
Vulnerability
The vulnerability is a write use-after-free (UAF) that results in a crash condition within the GPU GLES user-space shared library. It is triggered when processing specially crafted WebGPU content, which may lead to memory corruption within the rendering process.
Business impact
A CVSS score of 8.1 reflects the high severity of this flaw, as it can be weaponized through web browsers to achieve remote code execution. This poses a severe risk to end-user workstations, potentially leading to unauthorized data exfiltration or system takeover.
Remediation
Immediate Action: Ensure that all web browsers and associated GPU drivers are updated to the latest versions provided by the vendor.
Proactive Monitoring: Utilize endpoint detection and response (EDR) solutions to monitor for suspicious process crashes or anomalous memory access patterns in web browser renderers.
Compensating Controls: Use browser-based security features or extensions that restrict execution of WebGPU content from untrusted domains.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations should prioritize the update of browser environments and graphics drivers to mitigate this high-severity UAF vulnerability. Immediate patching is recommended to prevent potential exploitation via malicious web-based content.