CVE-2026-8574

Google · Chrome

A use-after-free vulnerability in the Core component of Google Chrome on Windows allows for potential arbitrary code execution.

Executive summary

A critical use-after-free vulnerability in Google Chrome on Windows poses a significant risk of arbitrary code execution and system compromise.

Vulnerability

This is a use-after-free vulnerability located within the Core component of the browser. The flaw can be triggered by an unauthenticated remote attacker through a crafted web page, leading to memory corruption.

Business impact

The exploitation of this vulnerability could allow a remote attacker to execute arbitrary code within the context of the user's browser session. With a CVSS score of 8.3, this high-severity flaw threatens data confidentiality and integrity, potentially leading to unauthorized access to sensitive user information or full system compromise.

Remediation

Immediate Action: Update all installations of Google Chrome on Windows to version 148 or later.

Proactive Monitoring: Monitor endpoint process logs for abnormal child process spawning initiated by the browser.

Compensating Controls: Ensure that browser-based sandboxing features are enabled and utilize endpoint security solutions to detect anomalous memory access patterns.
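One way to implement the child-process monitoring described above, as an added example that is not part of the original advisory. It assumes process-creation telemetry with Sysmon Event ID 1 field names; the sample records, the `EXTRA_ALLOWED` allowlist and the severity labels are constructed for illustration.

```python
from pathlib import PureWindowsPath

BROWSER = "chrome.exe"
EXTRA_ALLOWED = set()  # assumption: site-specific helpers the browser may start

# Constructed process-creation records (Sysmon Event ID 1 field names).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"ParentImage": CHROME, "ParentCommandLine": f'"{CHROME}"',
     "Image": CHROME},
    {"ParentImage": CHROME, "ParentCommandLine": f'"{CHROME}" --type=renderer',
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ParentImage": CHROME, "ParentCommandLine": f'"{CHROME}"',
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ParentImage": CHROME, "ParentCommandLine": f'"{CHROME}"',
     "Image": r"C:\Users\Public\chrome.exe"},
]

def classify(ev):
    """Return None for expected activity, else a (severity, reason) tuple."""
    parent, child = PureWindowsPath(ev["ParentImage"]), PureWindowsPath(ev["Image"])
    if parent.name.lower() != BROWSER:
        return None  # only browser-initiated spawns are in scope
    if child.name.lower() == BROWSER:
        # Heuristic: Chrome's own helper processes run from the parent's directory.
        if child.parent == parent.parent:
            return None
        return ("medium", "browser-named child outside the parent's directory")
    if "--type=renderer" in ev.get("ParentCommandLine", ""):
        # Sandboxed renderers are not expected to create processes at all.
        return ("high", f"renderer spawned {child.name}")
    if child.name.lower() in EXTRA_ALLOWED:
        return None
    return ("medium", f"browser spawned {child.name}")

def triage(events):
    """Return findings as (severity, reason, image), high severity first."""
    hits = [(*c, ev["Image"]) for ev in events if (c := classify(ev))]
    return sorted(hits, key=lambda h: h[0] != "high")

if __name__ == "__main__":
    for severity, reason, image in triage(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}: {image}")
```

Populate `EXTRA_ALLOWED` from a baseline of the fleet's own telemetry before alerting on the medium-severity findings.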

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the severity of memory-based vulnerabilities in browser environments, organizations must prioritize patching. Deploy the latest version of Chrome across the enterprise to mitigate the risk of remote code execution.