A critical use-after-free vulnerability in Google Chrome allows remote attackers to execute a sandbox escape, potentially compromising the underlying host system.

This is a use-after-free memory corruption vulnerability occurring within the Fullscreen component. An unauthenticated remote attacker can trigger this flaw by enticing a user to navigate to a specifically crafted malicious web page.

Sandbox escape vulnerabilities represent a high-tier threat to organizational security by bypassing the primary browser security boundary. With a CVSS score of 9.6, successful exploitation could lead to arbitrary code execution on the user's host machine, resulting in full system compromise and data theft.

Immediate Action: Update Google Chrome to version 148.0.7778.96 or higher immediately.

Proactive Monitoring: Monitor endpoint security logs for unusual process spawning originating from the Chrome browser process.

Compensating Controls: Utilize browser-based security policies (e.g., managed GPO/MDM settings) to restrict access to potentially untrusted sites and enable enterprise-grade endpoint protection.

Public Exploit Available: false

Because browser vulnerabilities are frequently targeted in drive-by-download attacks, it is imperative to enforce the update across all managed workstations and mobile devices to mitigate the risk of system-level compromise.