CVE-2026-8517

Google · Chrome

An object lifecycle issue in the WebShare component of Google Chrome on Mac allows for potential memory corruption and code execution.

Executive summary

An object lifecycle vulnerability in the Google Chrome WebShare component on macOS introduces a severe risk of unauthorized code execution.

Vulnerability

This vulnerability involves an object lifecycle management error within the WebShare API. An unauthenticated attacker can leverage this to trigger memory corruption, potentially leading to arbitrary code execution.

Business impact

With a CVSS score of 8.8, this vulnerability is a high-severity risk for users of Google Chrome on macOS. Exploitation could lead to full browser compromise, facilitating the theft of session tokens, credentials, or other sensitive data stored within the browser profile.

Remediation

Immediate Action: Update Google Chrome on all macOS devices to version 148 or later.

Proactive Monitoring: Monitor for unusual system calls or unexpected network connections originating from the Chrome application on macOS endpoints.

Compensating Controls: Restrict permissions on sensitive files and use macOS security features like Gatekeeper to limit the impact of potential secondary payloads.
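To verify the Immediate Action above on an endpoint, the following added example (not part of the original advisory or any vendor tooling) reads the version of each installed Chrome bundle and flags any below major version 148. The bundle paths and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: flag Chrome bundles on a macOS endpoint that are older than
# the fixed major version given in the advisory (148).
FIXED_MAJOR=148

# classify_version VERSION -> prints PATCHED, VULNERABLE or UNKNOWN.
classify_version() {
    case "$1" in
        ''|.*|*[!0-9.]*) echo UNKNOWN; return ;;   # empty or not dotted-numeric
    esac
    if [ "${1%%.*}" -ge "$FIXED_MAJOR" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# read_bundle_version APP_PATH -> version string from the bundle's Info.plist.
# PlistBuddy ships with macOS; output is empty if the key cannot be read.
read_bundle_version() {
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' \
        "$1/Contents/Info.plist" 2>/dev/null
}

# audit_chrome APP_PATH... -> one "STATUS<TAB>VERSION<TAB>PATH" line per bundle
# found; returns 1 if any bundle is not confirmed patched.
audit_chrome() {
    rc=0
    for app in "$@"; do
        [ -d "$app" ] || continue                  # skip paths that do not exist
        ver=$(read_bundle_version "$app")
        status=$(classify_version "$ver")
        printf '%s\t%s\t%s\n' "$status" "${ver:-?}" "$app"
        [ "$status" = PATCHED ] || rc=1            # UNKNOWN counts as a finding
    done
    return "$rc"
}

# Run only on macOS. Paths are the usual system-wide and per-user locations
# (an assumption; add any others your fleet uses).
if [ "$(uname -s)" = Darwin ]; then
    audit_chrome "/Applications/Google Chrome.app" \
        /Users/*/Applications/"Google Chrome.app" \
        || echo "Chrome below $FIXED_MAJOR or unreadable: update and relaunch" >&2
fi
```

The version on disk can be newer than a Chrome process that has not been relaunched since the update, so pair this check with a relaunch requirement.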

Exploitation status

Public Exploit Available: false

Analyst recommendation

The 8.8 CVSS rating underscores the urgency of this update. Security teams must ensure that all macOS-based Chrome installations are updated immediately to prevent potential exploitation of this lifecycle flaw.