CVE-2026-3913
Google · Chrome
A heap buffer overflow vulnerability in the WebML component of Google Chrome allows unauthenticated remote attackers to potentially execute arbitrary code via crafted web content.
Executive summary
Google Chrome is vulnerable to a heap buffer overflow in its WebML component, which could allow a remote attacker to execute arbitrary code or cause a denial of service.
Vulnerability
This is a heap buffer overflow vulnerability located in the WebML implementation. An unauthenticated remote attacker can trigger this flaw by enticing a user to visit a specially crafted, malicious website, leading to memory corruption.
Business impact
Successful exploitation could allow an attacker to execute arbitrary code within the context of the browser's sandbox or cause the application to crash. Given the ubiquity of Chrome in corporate environments, this poses a risk of workstation compromise and subsequent lateral movement. The CVSS score of 8.8 indicates high severity due to the ease of remote delivery via the web.
Remediation
Immediate Action: Update Google Chrome to version 146 or later across all workstations to resolve the underlying memory management issue.
Proactive Monitoring: Use endpoint detection and response (EDR) tools to monitor for unusual browser child processes or unexpected memory allocation patterns.
Compensating Controls: Implement web filtering to prevent users from visiting known malicious or untrusted websites that could host exploit code.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The risk of remote code execution through a standard web browser is a high-priority threat. Organizations must ensure that Chrome's auto-update feature is enabled and functional across the enterprise. Immediate deployment of version 146 is the only effective way to mitigate this memory corruption vulnerability and protect end-user systems.
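To confirm that the update has actually reached every workstation, the following added example (not part of the original advisory) audits a software inventory export against the fixed major version. The CSV layout, column names and hostnames are assumptions; only the version threshold of 146 comes from the advisory.

```python
import csv
import io

FIXED_MAJOR = 146  # from the advisory: "version 146 or later"

# Constructed sample inventory export; hostnames and versions are made up.
SAMPLE_INVENTORY = """host,chrome_version
ws-001,146.0.1.2
ws-002,145.9.9.9
ws-003,
ws-004,not-installed
ws-005,147.0.0.1
ws-006, 99.0.0.0
"""


def major_version(raw):
    """Return the major version as an int, or None if the string is unusable."""
    head = (raw or "").strip().split(".", 1)[0]
    return int(head) if head.isascii() and head.isdigit() else None


def audit(inventory_csv, fixed_major=FIXED_MAJOR):
    """Sort hosts into patched / vulnerable / unknown buckets."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = (row.get("host") or "").strip()
        if not host:
            continue  # skip rows without a hostname
        major = major_version(row.get("chrome_version"))
        if major is None:
            # No usable version: never count as patched, flag for follow-up.
            result["unknown"].append(host)
        elif major >= fixed_major:
            result["patched"].append(host)
        else:
            result["vulnerable"].append(host)
    return result


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    for status in ("vulnerable", "unknown", "patched"):
        print(f"{status}: {', '.join(report[status]) or '-'}")
```

Hosts in the unknown bucket have a missing or unparseable version and should be checked by hand, since a broken auto-update often shows up as stale or empty inventory data.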