CVE-2026-5281

Google · Chrome

A use-after-free vulnerability exists in the Dawn component of Google Chrome. This flaw could allow an attacker to execute arbitrary code or cause a denial of service via a crafted HTML page.

Executive summary

Google Chrome is affected by a high-severity use-after-free vulnerability in its Dawn component that is currently being exploited in the wild.

Vulnerability

This is a use-after-free (UAF) vulnerability located within the Dawn component, which is Chrome's implementation of the WebGPU standard. An unauthenticated remote attacker can trigger this flaw by enticing a user to visit a specially crafted website.

Business impact

Exploitation can lead to arbitrary code execution within the context of the browser sandbox or cause the browser to crash. With a CVSS score of 8.8 and confirmed active exploitation, there is a significant risk that attackers will target employees to gain an initial foothold in the corporate network.

Remediation

Immediate Action: Update all Google Chrome installations to version 146 or later to mitigate the risk of active exploitation.

Proactive Monitoring: Utilize endpoint detection and response (EDR) tools to monitor for unusual browser child processes or crashes that could indicate an exploitation attempt.

Compensating Controls: Restrict access to untrusted websites and ensure that browser isolation technologies are utilized for high-risk users.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the evidence of active exploitation, this vulnerability requires an emergency patch cycle. Administrators should use automated deployment tools to ensure all endpoints are updated to Chrome 146+ within 24 hours.
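To track progress against the 24-hour target, the script below (an added example, not part of the original advisory) audits an endpoint inventory export against the fixed major version 146 stated above. The CSV column names, hostnames and full version strings are constructed for illustration; adapt them to whatever your inventory or EDR tool exports.

```python
import csv
import io
import re

FIXED_MAJOR = 146  # from the advisory: "version 146 or later"

# Constructed sample inventory export; hostnames and versions are made up.
SAMPLE_INVENTORY = """hostname,chrome_version
ws-001,146.0.0.0
ws-002,145.0.0.0
ws-003,
ws-004,147.0.1.2
ws-005,not installed
ws-006,Google Chrome 144.0.0.1
"""

# Matches a dotted version such as 146.0.0.0 anywhere in the field.
VERSION_RE = re.compile(r"(\d+)(?:\.\d+){1,3}")


def chrome_major(version_text):
    """Return the major version as an int, or None if it cannot be parsed."""
    match = VERSION_RE.search(version_text or "")
    return int(match.group(1)) if match else None


def audit(inventory_csv, fixed_major=FIXED_MAJOR):
    """Bucket hosts into patched / vulnerable / unknown.

    Hosts with a missing or unparsable version go to 'unknown' so they
    get followed up instead of being silently counted as patched.
    """
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        major = chrome_major(row.get("chrome_version"))
        if major is None:
            result["unknown"].append(row["hostname"])
        elif major >= fixed_major:
            result["patched"].append(row["hostname"])
        else:
            result["vulnerable"].append(row["hostname"])
    return result


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {len(hosts):3}  {', '.join(hosts)}")
```

Hosts in the "unknown" bucket should be treated as unpatched until their version is confirmed.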