CVE-2026-2441

Google · Chrome

Google Chrome is vulnerable to a "Use After Free" condition in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted webpage.

Executive summary

Google Chrome versions prior to 145 are vulnerable to a high-severity Use After Free flaw that could lead to remote code execution and browser compromise.

Vulnerability

This vulnerability is a memory corruption issue (Use After Free) within the CSS component of the browser. An unauthenticated remote attacker can exploit this by enticing a user to visit a specially crafted website, leading to a crash or arbitrary code execution.

Business impact

Exploitation of this flaw can lead to the compromise of the user's workstation, allowing for the theft of browser-stored credentials, session hijacking, or the installation of further malware. Given Chrome's ubiquity, this poses a significant risk to corporate endpoint security. The CVSS score of 8.8 reflects the high severity of remote code execution.

Remediation

Immediate Action: Update Google Chrome to version 145 or later across all endpoints.

Proactive Monitoring: Utilize endpoint detection and response (EDR) tools to monitor for unusual browser crashes or suspicious child processes spawned by Chrome.

Compensating Controls: Implement web filtering to prevent users from accessing known malicious or untrusted websites that might host exploit code.
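The "Proactive Monitoring" step above names two signals worth alerting on: chrome.exe spawning child processes it normally never launches, and repeated Chrome crashes on one host (a failed Use After Free exploit attempt typically ends in a renderer or browser crash). The following Python is an added example, not part of this advisory or any vendor tool; the key=value log format, the sample events, the hostnames and the allowlist of expected Chrome child images are all constructed assumptions that a practitioner would replace with their EDR's own schema and baseline.

```python
"""Triage Chrome telemetry for the indicators the advisory names: unexpected child
processes of chrome.exe and repeated browser crashes. Constructed sample events only."""
from collections import Counter
from dataclasses import dataclass

# Images Chrome itself is expected to spawn. This allowlist is an assumption for the
# example; tune it to what your EDR actually observes in a healthy fleet.
EXPECTED_CHROME_CHILDREN = {"chrome.exe", "chrome_pwa_launcher.exe", "crashpad_handler.exe"}

# Constructed process-creation records in a simple key=value|key=value form
# (not real EDR output). Command lines are deliberately minimal.
SAMPLE_PROCESS_LOG = [
    r"host=ws-0101|parent=C:\Program Files\Google\Chrome\Application\chrome.exe|image=C:\Program Files\Google\Chrome\Application\chrome.exe|cmd=chrome.exe --type=renderer",
    r"host=ws-0101|parent=C:\Program Files\Google\Chrome\Application\chrome.exe|image=C:\Windows\System32\cmd.exe|cmd=cmd.exe",
    r"host=ws-0102|parent=C:\Windows\explorer.exe|image=C:\Program Files\Google\Chrome\Application\chrome.exe|cmd=chrome.exe",
    r"host=ws-0102|parent=C:\Program Files\Google\Chrome\Application\chrome.exe|image=C:\Program Files\Google\Chrome\Application\crashpad_handler.exe|cmd=crashpad_handler.exe",
    r"host=ws-0104|parent=C:\Program Files\Google\Chrome\Application\chrome.exe|image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|cmd=powershell.exe",
]

# Constructed crash records, as an application-crash feed might be normalised to them.
SAMPLE_CRASH_LOG = [
    "host=ws-0103|app=chrome.exe|module=chrome.dll",
    "host=ws-0103|app=chrome.exe|module=chrome.dll",
    "host=ws-0103|app=chrome.exe|module=chrome.dll",
    "host=ws-0101|app=chrome.exe|module=chrome.dll",
    "host=ws-0102|app=notepad.exe|module=ntdll.dll",
]


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent_image: str
    image: str
    command_line: str


def parse_record(line):
    """Split 'k=v|k=v' into a dict; values may themselves contain '=' (command lines)."""
    return dict(field.split("=", 1) for field in line.split("|"))


def parse_process_event(line):
    f = parse_record(line)
    return ProcessEvent(f["host"], f["parent"], f["image"], f.get("cmd", ""))


def image_name(path):
    """Case-insensitive basename that tolerates both path separators."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def suspicious_chrome_children(lines):
    """Return events where chrome.exe spawned something outside the allowlist."""
    hits = []
    for line in lines:
        ev = parse_process_event(line)
        if image_name(ev.parent_image) == "chrome.exe" and image_name(ev.image) not in EXPECTED_CHROME_CHILDREN:
            hits.append(ev)
    return hits


def chrome_crash_hotspots(lines, threshold=3):
    """Hosts whose chrome.exe crashed at least `threshold` times in the window covered by `lines`."""
    counts = Counter()
    for line in lines:
        f = parse_record(line)
        if image_name(f.get("app", "")) == "chrome.exe":
            counts[f["host"]] += 1
    return {host: n for host, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ev in suspicious_chrome_children(SAMPLE_PROCESS_LOG):
        print(f"[child] {ev.host}: chrome.exe -> {image_name(ev.image)} ({ev.command_line})")
    for host, n in chrome_crash_hotspots(SAMPLE_CRASH_LOG).items():
        print(f"[crash] {host}: {n} chrome.exe crashes")
```

The parent/child check keys on the image basename only, so renderer, GPU and utility processes (all chrome.exe) stay quiet while a shell or script host launched by the browser surfaces. The crash count is a coarse per-host tally; in practice it should be bounded by a time window and compared against the host's own baseline, since crash storms also follow bad GPU drivers and extension bugs.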

Exploitation status

Public Exploit Available: false

Analyst recommendation

Browser updates are a critical component of endpoint hygiene. Administrators should ensure that auto-update mechanisms are functioning correctly and that all systems are running at least version 145 to mitigate this risk.
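Both the "Immediate Action" remediation step and the recommendation above reduce to one check: is every endpoint's Chrome major version at or above 145? The Python below is an added example (not part of this advisory or of any Google tooling) that parses the version strings Chrome reports, classifies each host as fixed, vulnerable or unknown, and lists the hosts that still need attention. The inventory, hostnames and specific build numbers are constructed sample data; only the fixed major version 145 comes from the advisory.

```python
"""Check Chrome version strings against the release that fixes CVE-2026-2441.
The inventory below is constructed sample data, not output from a real tool."""
import re
import shutil
import subprocess

FIXED_MAJOR = 145  # the advisory states Chrome 145 or later is patched

# Matches the four-part version Chrome reports, e.g. "Google Chrome 144.0.7321.0".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if no Chrome-style version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text, fixed_major=FIXED_MAJOR):
    """'fixed', 'vulnerable' or 'unknown' for one reported version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    return "fixed" if v[0] >= fixed_major else "vulnerable"


def compliance_report(inventory, fixed_major=FIXED_MAJOR):
    """inventory: iterable of (hostname, version string) -> {hostname: classification}."""
    return {host: classify(text, fixed_major) for host, text in inventory}


def hosts_needing_attention(inventory, fixed_major=FIXED_MAJOR):
    """Hosts that are vulnerable or whose version could not be determined (treated as unverified)."""
    return sorted(h for h, c in compliance_report(inventory, fixed_major).items() if c != "fixed")


def local_chrome_version():
    """Best-effort probe of the Chrome binary on this machine (Linux/macOS CLI names);
    returns the raw '--version' output or None. Not used by the sample report."""
    for name in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(name)
        if path:
            try:
                out = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=10)
                return out.stdout.strip() or None
            except (OSError, subprocess.SubprocessError):
                return None
    return None


# Constructed inventory: hostnames and build numbers are illustrative only.
SAMPLE_INVENTORY = [
    ("ws-0101", "Google Chrome 144.0.7321.0"),
    ("ws-0102", "Google Chrome 145.0.7400.12"),
    ("ws-0103", "Google Chrome 146.0.7500.3"),
    ("ws-0104", "chrome.exe not found"),
]

if __name__ == "__main__":
    for host, status in compliance_report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
    print("needs attention:", hosts_needing_attention(SAMPLE_INVENTORY))
```

Hosts with no parseable version are reported separately rather than silently treated as patched; an endpoint where the inventory agent cannot read the browser version is exactly the one whose auto-update status should be verified by hand. On Windows fleets the version string would come from the management agent or the installed-programs inventory rather than from the CLI probe shown here.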