CVE-2026-6300

Google · Chrome

A use-after-free vulnerability in the CSS engine of Google Chrome prior to version 147 could allow remote code execution through malicious web content.

Executive summary

A use-after-free vulnerability in the Google Chrome CSS engine allows remote attackers to potentially execute arbitrary code via malformed web content.

Vulnerability

The CSS engine fails to properly manage memory, leading to a use-after-free condition. An attacker can craft a website that forces the browser to access freed memory, resulting in code execution.

Business impact

Given the prevalence of Chrome in enterprise environments, a CVSS score of 8.8 signifies an urgent risk. Compromise of a browser leads to the loss of confidentiality and integrity of web-based applications and user data.

Remediation

Immediate Action: Update Google Chrome to version 147 or later.

Proactive Monitoring: Use centralized management tools to verify the browser version across all company endpoints.

Compensating Controls: Deploy advanced threat protection solutions that can detect and block browser exploitation attempts.
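The version check from the Proactive Monitoring step, as an added example that is not part of the original advisory: it audits an endpoint inventory export against the fixed major version 147. The CSV layout, hostnames and build numbers are constructed assumptions; the advisory names only the major version, so only that is compared.

```python
import csv
import io

FIXED_MAJOR = 147  # from the advisory: Chrome prior to version 147 is affected

# Constructed sample export from a management tool (hostnames and builds are made up).
SAMPLE_INVENTORY = """hostname,chrome_version
ws-001,147.0.1000.10
ws-002,146.0.999.5
ws-003,99.0.4844.51
ws-004,
ws-005,not-installed
ws-006,148.0.1.2
"""

def parse_version(text):
    """Return a dotted version as a tuple of ints, or None if it cannot be parsed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text, fixed_major=FIXED_MAJOR):
    """Classify one endpoint as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(version_text or "")
    if version is None:
        # Missing or malformed data is reported separately, never assumed patched.
        return "unknown"
    # Compare numerically: as strings, "99..." sorts after "147..." and would
    # wrongly pass an old build.
    return "patched" if version[0] >= fixed_major else "vulnerable"

def audit(inventory_csv):
    """Group hostnames by patch status for the whole inventory."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row.get("chrome_version"))].append(row["hostname"])
    return report

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Endpoints in the "unknown" group need follow-up, since a missing version can mean either that Chrome is not installed or that the inventory agent is not reporting.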

Exploitation status

Public Exploit Available: false

Analyst recommendation

Patching browser software is one of the most effective ways to reduce the risk of client-side attacks. Organizations must ensure that the update to Chrome 147 is pushed to all workstations immediately.