CVE-2026-9111

Google · Chrome

A use-after-free vulnerability exists in the WebRTC component of Google Chrome on Linux, which could allow for arbitrary code execution.

Executive summary

A high-severity use-after-free vulnerability in Google Chrome’s WebRTC component on Linux poses a significant risk of arbitrary code execution for affected users.

Vulnerability

This is a use-after-free vulnerability within the WebRTC implementation. Exploitation typically requires a remote, unauthenticated attacker to entice a user into visiting a malicious webpage that triggers the flaw.

Business impact

With a CVSS score of 8.8, this vulnerability represents a high risk to organizational security. Successful exploitation could lead to full system compromise, unauthorized data access, and the potential for lateral movement within the network, resulting in severe operational disruption.

Remediation

Immediate Action: Update all Google Chrome instances on Linux to version 148 or later as provided by the vendor.

Proactive Monitoring: Monitor browser-related process crashes and inspect network traffic for anomalous WebRTC-related patterns.

Compensating Controls: Deploy endpoint protection solutions capable of detecting memory corruption exploits and ensure users are restricted from executing untrusted browser extensions.
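As an added example (not part of the advisory), the following POSIX shell helpers implement the version gate from the remediation step: they parse a Chrome version string, decide whether it is at or above the fixed major version 148, and flag hosts in a constructed inventory that still need the update. The inventory format (tab-separated hostname and version) and the `google-chrome`/`google-chrome-stable` binary names are assumptions.

```shell
#!/bin/sh
# Fixed major version per the advisory: Chrome 148 or later on Linux.
FIXED_MAJOR=148

# chrome_major VERSION_STRING
# Prints the major version from "Google Chrome 147.0.7233.0" or a bare
# "147.0.7233.0"; prints nothing if the string has no dotted version.
chrome_major() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\)\..*/\1/p'
}

# chrome_is_patched VERSION_STRING
# Exit 0 if major >= FIXED_MAJOR, 1 if older (vulnerable), 2 if unparseable.
chrome_is_patched() {
    major=$(chrome_major "$1")
    [ -n "$major" ] || return 2
    [ "$major" -ge "$FIXED_MAJOR" ]
}

# check_inventory
# Reads "hostname<TAB>version" lines on stdin (assumed inventory export) and
# prints one line per host that is not confirmed patched.
check_inventory() {
    tab=$(printf '\t')
    while IFS="$tab" read -r host ver; do
        [ -n "$host" ] || continue
        rc=0
        chrome_is_patched "$ver" || rc=$?
        case $rc in
            0) ;;
            1) printf '%s\t%s\tNEEDS UPDATE (major < %s)\n' "$host" "$ver" "$FIXED_MAJOR" ;;
            *) printf '%s\t%s\tUNPARSEABLE VERSION\n' "$host" "$ver" ;;
        esac
    done
}

# Local check: report the installed Chrome on this Linux host, if present.
for bin in google-chrome google-chrome-stable; do
    if command -v "$bin" >/dev/null 2>&1; then
        ver=$("$bin" --version 2>/dev/null)
        printf 'localhost\t%s\n' "$ver" | check_inventory
        break
    fi
done

# Constructed sample inventory (not real hosts) to show the report format.
printf 'ws-01\tGoogle Chrome 147.0.7233.0\nws-02\tGoogle Chrome 148.0.7300.12\nws-03\tunknown\n' | check_inventory
```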

Exploitation status

Public exploit available: no

Analyst recommendation

Given the high CVSS severity and the common attack vector of browser-based exploits, immediate patching is essential. Organizations should prioritize updating all Linux-based Chrome deployments across the enterprise to mitigate the risk of remote code execution.