CVE-2026-5883

Google · Chrome

A use-after-free vulnerability in the Media component of Google Chrome allows remote attackers to execute arbitrary code via a crafted HTML page.

Executive summary

A high-severity use-after-free vulnerability in Google Chrome's Media component enables remote code execution, posing a significant risk to end-user workstations.

Vulnerability

The vulnerability is a use-after-free error occurring within the Media processing logic, which can be triggered by a remote attacker through a specially crafted HTML page to execute code within the browser sandbox.

Business impact

Successful exploitation allows an attacker to execute arbitrary code on the host machine, potentially leading to malware installation, credential theft, or further lateral movement within the network. With a CVSS score of 8.8, this vulnerability is a high-priority risk for all endpoints running the Chrome browser.

Remediation

Immediate Action: Update Google Chrome to version 147.0.7727.55 or later across all managed devices.

Proactive Monitoring: Review endpoint security logs for unusual browser activity or attempts to load malicious media files.

Compensating Controls: Enforce browser security policies that restrict the execution of untrusted scripts and ensure all endpoints are running active EDR solutions.
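The update step above is only verifiable if each endpoint's reported Chrome version is compared to the fixed build numerically, field by field; a plain string comparison ranks 147.0.7727.100 below 147.0.7727.55 and would report a patched host as vulnerable. The following triage script is an added example, not part of this advisory or any vendor tooling; the inventory it reads is constructed sample data, and hosts whose version cannot be parsed are listed separately for manual follow-up.

```python
# Added example: classify endpoints by whether their Chrome build is older
# than the fixed release named in the advisory for CVE-2026-5883.

FIXED_VERSION = "147.0.7727.55"  # fixed build stated in the remediation section


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted Chrome version string into a tuple of integers.

    Each dotted field is compared as an integer. A lexicographic string
    comparison would treat "100" as smaller than "55", so a host on
    147.0.7727.100 would wrongly be flagged as unpatched.
    """
    fields = version.strip().split(".")
    if not fields or not all(f.isdigit() for f in fields):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(f) for f in fields)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is older than the fixed build.

    Tuple comparison is field by field. A version with fewer fields that
    matches every field of the fixed version (e.g. "147.0.7727") sorts as
    older, so it is conservatively treated as still needing the update.
    """
    return parse_version(installed) < parse_version(fixed)


# Constructed sample inventory (hostname, reported Chrome version); not real data.
SAMPLE_INVENTORY = [
    ("ws-001", "147.0.7727.55"),   # exactly the fixed build: patched
    ("ws-002", "147.0.7727.100"),  # later patch level: patched
    ("ws-003", "146.0.7650.30"),   # previous major: needs update
    ("ws-004", "147.0.7727.6"),    # same branch, earlier build: needs update
    ("ws-005", "not-installed"),   # unparseable: manual check
]


def triage(inventory):
    """Split an inventory into hosts needing the update, patched hosts,
    and hosts whose version string could not be parsed."""
    result = {"needs_update": [], "patched": [], "unknown": []}
    for host, version in inventory:
        try:
            bucket = "needs_update" if is_vulnerable(version) else "patched"
        except ValueError:
            bucket = "unknown"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it the (hostname, version) pairs exported from the endpoint management tool in place of SAMPLE_INVENTORY; the "unknown" bucket catches entries the export could not populate.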

Exploitation status

Public Exploit Available: false

Analyst recommendation

Browser-based vulnerabilities are common targets for attackers. Organizations should ensure that the automatic update mechanism for Google Chrome is functioning correctly or push the update to all endpoints immediately to mitigate the risk of remote code execution.