CVE-2026-3917
Google · Chrome
A use-after-free vulnerability in the Agents component of Google Chrome allows unauthenticated remote attackers to potentially execute arbitrary code via a crafted web page.
Executive summary
Google Chrome versions prior to 146 are susceptible to a use-after-free vulnerability in the Agents component, which could lead to remote code execution by an unauthenticated attacker.
Vulnerability
This is a use-after-free (UAF) vulnerability in the "Agents" component of Chrome. An unauthenticated remote attacker can trigger it through a crafted web page that causes the browser to reference memory that has already been freed.
Business impact
A use-after-free condition can be reliably used to achieve remote code execution (RCE). This would allow an attacker to bypass security boundaries and potentially gain access to local files or the corporate network. The CVSS score of 8.8 reflects the severe potential for system compromise and data breach.
Remediation
Immediate Action: Update all Google Chrome installations to version 146 or later to fix the memory-management flaw in the Agents component.
Proactive Monitoring: Use memory-protection features provided by modern operating systems and monitor for unusual activity in the Chrome GPU or renderer processes.
Compensating Controls: Employ a robust web gateway solution to block access to untrusted or high-risk web categories, reducing the likelihood of encountering an exploit.
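To support the update step above, the following Python fleet-triage check is an added example and not part of this advisory. It assumes a hypothetical inventory mapping hostnames to the text returned by Chrome's version query, flags anything with a major version below the fixed release (146), and keeps unparseable entries in a separate "unknown" bucket so they are followed up rather than silently treated as patched.

```python
import re
from typing import Optional

# Fixed release for CVE-2026-3917 as stated in the advisory: Chrome 146.
FIXED_MAJOR = 146

# Matches the first four-part dotted version in strings such as
# "Google Chrome 145.0.7632.109" or "146.0.7701.3 beta".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text: str) -> Optional[tuple]:
    """Extract the four-part Chrome version from a line of output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True if the major version predates the fixed release, False if patched,
    None if the version cannot be parsed (treat as unknown, verify manually)."""
    version = parse_chrome_version(version_text)
    if version is None:
        return None
    return version[0] < FIXED_MAJOR


def triage(inventory: dict) -> dict:
    """Bucket hostnames by patch status: vulnerable, patched, or unknown."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory.items():
        status = is_vulnerable(version_text)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory: hypothetical hostnames and version strings.
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 145.0.7632.109",   # below 146: needs update
    "ws-002": "Google Chrome 146.0.7701.3",     # fixed release
    "ws-003": "146.1.0.0",                      # later build, no prefix
    "ws-004": "chrome not installed",           # unparseable: follow up
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```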
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of a use-after-free vulnerability in a core browser component cannot be overstated: it provides a direct path for remote attackers to compromise end-user devices. Immediate patching to version 146 or later is the primary and most effective mitigation for this critical security risk.