CVE-2026-7344

Google · Chrome on Windows

A use-after-free vulnerability in the Accessibility component of Google Chrome on Windows could allow for arbitrary code execution.

Executive summary

A critical use-after-free vulnerability in Google Chrome’s Accessibility component on Windows presents a significant risk of remote code execution.

Vulnerability

The vulnerability involves a use-after-free error in the Accessibility feature of Chrome. An unauthenticated attacker can trigger this flaw by enticing a user to visit a malicious website.

Business impact

With a CVSS score of 8.8, this flaw represents a high risk to Windows-based enterprise workstations. If exploited, an attacker could gain control over the browser process, potentially leading to privilege escalation or further lateral movement within the corporate network.

Remediation

Immediate Action: Update Google Chrome on all Windows workstations to version 147 or later.

Proactive Monitoring: Monitor system logs for unexpected application crashes or unauthorized process executions originating from the Chrome browser.

Compensating Controls: Use Group Policy to enforce browser updates and limit the execution of high-risk browser extensions.
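A host-level check for the first two remediation items, as an added example that is not part of the original advisory: it reports whether each Chrome install found in the standard locations is at major version 147 or later, and lists recent Application Error (Event ID 1000) crash records for chrome.exe. The 7-day lookback window and the function names are assumptions made for this example.

```powershell
# Added example: audit one Windows host against the advisory's remediation steps.
$MinimumMajor = 147   # fixed version stated in the advisory
$LookbackDays = 7     # assumption: review window for crash events

function Get-ChromeInstall {
    # Standard per-machine and per-user install locations for Chrome on Windows.
    $candidates = @(
        "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
        "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            $ver = (Get-Item -LiteralPath $path).VersionInfo.ProductVersion
            [pscustomobject]@{
                Path      = $path
                Version   = $ver
                # Compliant when the major version meets the advisory's minimum.
                Compliant = ([version]$ver).Major -ge $MinimumMajor
            }
        }
    }
}

function Get-ChromeCrashEvent {
    # Event ID 1000 from "Application Error" records a faulting user-mode process.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = (Get-Date).AddDays(-$LookbackDays)
    }
    # Properties: [0] application name, [1] application version,
    # [3] faulting module, [6] exception code.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[0].Value -ieq 'chrome.exe' } |
        Select-Object TimeCreated,
            @{ n = 'Version';        e = { $_.Properties[1].Value } },
            @{ n = 'FaultingModule'; e = { $_.Properties[3].Value } },
            @{ n = 'ExceptionCode';  e = { $_.Properties[6].Value } }
}

$installs = @(Get-ChromeInstall)
if (-not $installs) { Write-Output 'Chrome not found in the standard install locations.' }
$installs | Format-Table -AutoSize
Get-ChromeCrashEvent | Format-Table -AutoSize
```

A crash record alone does not indicate exploitation; repeated chrome.exe faults on a host that is still below version 147 are the ones to prioritise for patching and review.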

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the widespread use of Chrome on Windows, this vulnerability should be treated with high urgency. IT administrators must ensure that all Windows clients are updated to the latest version to protect against potential exploitation.