CVE-2026-7339

Google · Chrome

A heap buffer overflow vulnerability in the WebRTC component of Google Chrome could allow an attacker to crash the application or execute arbitrary code.

Executive summary

A heap buffer overflow in Google Chrome’s WebRTC implementation creates a high-risk vector for remote code execution.

Vulnerability

The vulnerability is a heap buffer overflow within the WebRTC module. This flaw requires no authentication and can be exploited by an attacker through a malicious web page.

Business impact

This heap buffer overflow carries a CVSS score of 8.8, indicating a severe risk to corporate environments. Successful exploitation allows for memory corruption, which typically leads to arbitrary code execution, potentially resulting in full system compromise for the affected user.

Remediation

Immediate Action: Apply the latest security updates provided by Google so that Chrome is at version 147 or higher.

Proactive Monitoring: Monitor for anomalous spikes in browser memory usage or frequent unexpected application terminations.

Compensating Controls: Ensure that endpoint protection systems are configured to block execution from suspicious web-based sources.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Memory corruption vulnerabilities in core browser components like WebRTC are frequent targets for threat actors. It is essential that security teams verify that all instances of Chrome are updated to the patched version to prevent potential exploitation.
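One way to carry out the verification recommended above and in the Immediate Action step, as an added example that is not part of the original advisory. It assumes an inventory export of (host, reported version string) pairs; the hostnames, build numbers and function names are constructed for illustration, and only the floor of major version 147 comes from the advisory.

```python
import re
from collections import defaultdict

# Patched floor taken from the advisory: "Chrome version 147 or higher".
PATCHED_MAJOR = 147

# Matches the dotted four-part version that Chrome reports (major.minor.build.patch).
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def classify(version_string):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    m = VERSION_RE.search(version_string or "")
    if not m:
        return "unknown"  # needs follow-up; never counted as patched
    # Compare the major version as an integer, not as text ("99" > "147" as strings).
    return "patched" if int(m.group(1)) >= PATCHED_MAJOR else "vulnerable"

def audit(inventory):
    """Group hosts by status. A host is 'patched' only if every install on it is."""
    per_host = defaultdict(set)
    for host, version_string in inventory:
        per_host[host].add(classify(version_string))
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, statuses in sorted(per_host.items()):
        if "vulnerable" in statuses:
            report["vulnerable"].append(host)
        elif "unknown" in statuses:
            report["unknown"].append(host)
        else:
            report["patched"].append(host)
    return report

# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 147.0.1000.10"),
    ("ws-002", "Google Chrome 146.0.999.5"),
    ("ws-003", "Google Chrome 148.0.1.2 beta"),
    ("ws-003", "Google Chrome 145.0.3.4"),      # second, stale install on the same host
    ("ws-004", "version query failed"),          # agent returned no usable version
    ("ws-005", "Google Chrome 99.0.4844.51"),   # two-digit major, still below the floor
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be re-queried rather than assumed patched, and a host with more than one Chrome install stays vulnerable until the oldest one is updated.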