A heap buffer overflow in the WebML component of Google Chrome prior to version 146 allows remote, unauthenticated attackers to potentially execute code on a victim's system.

This vulnerability involves a heap buffer overflow within the WebML framework. An unauthenticated attacker can exploit this by hosting a malicious page that, when rendered by Chrome, overflows allocated memory buffers to gain control over program execution.

This vulnerability threatens the integrity of the user's computing environment. If exploited, it could lead to the theft of sensitive session data, credentials, or the installation of malware. The CVSS score of 8.8 reflects the high impact on confidentiality and availability should a remote execution occur.

Immediate Action: Force an update of Google Chrome to the latest stable version (146 or higher) to patch the vulnerable WebML code.

Proactive Monitoring: Monitor network traffic for connections to suspicious domains and review endpoint logs for browser-related crashes which may indicate failed exploit attempts.

Compensating Controls: Utilize browser sandboxing and application control policies to limit the potential impact of a successful browser exploit.

Public Exploit Available: false

To maintain a secure posture, it is critical to address browser vulnerabilities before they are integrated into active exploit kits. We recommend an immediate audit of all installed Chrome versions and the mandatory application of the version 146 update to eliminate the risk of heap-based memory corruption.