CVE-2026-9119
Google · Chrome
A heap buffer overflow vulnerability in the WebRTC component of Google Chrome could allow attackers to execute arbitrary code.
Executive summary
A high-severity heap buffer overflow in Google Chrome’s WebRTC component presents a critical risk of arbitrary code execution for all users.
Vulnerability
This is a heap buffer overflow vulnerability in the WebRTC module. An unauthenticated remote attacker can exploit this by providing specially crafted WebRTC data to a target browser.
Business impact
The CVSS score of 8.8 highlights the severity of this heap-based vulnerability. Successful exploitation can lead to a crash of the browser process or, more critically, the execution of arbitrary code, which could result in a full compromise of the local machine.
Remediation
Immediate Action: Update all Google Chrome installations to version 148 or later to resolve the heap buffer overflow.
Proactive Monitoring: Monitor for unexpected browser crashes and investigate any anomalous memory usage spikes in the browser process.
Compensating Controls: Use endpoint detection and response (EDR) tools to identify and block processes attempting to perform unauthorized memory operations originating from the browser.
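To act on the Immediate Action item above, the following added example (not part of the original advisory) triages a software inventory for Chrome installations below version 148. The `host,chrome_version` CSV layout, the hostnames and the build numbers are constructed assumptions; only the major version is compared because the advisory names no full build number.

```python
import csv
import io
import re

# Minimum fixed major version, taken from the advisory ("version 148 or later").
FIXED_MAJOR = 148

# Matches a dotted four-part Chrome version anywhere in a string, so both a bare
# version and `google-chrome --version` style output ("Google Chrome 1.2.3.4") parse.
VERSION_RE = re.compile(r"\b(\d{1,4})\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE_INVENTORY = """host,chrome_version
ws-001,Google Chrome 147.0.7000.12
ws-002,148.0.7100.5
ws-003,Google Chrome 149.0.7200.1 beta
ws-004,
ws-005,unknown
"""


def classify(raw):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    match = VERSION_RE.search(raw or "")
    if not match:
        # No parseable version: flag for follow-up, never assume patched.
        return "unknown"
    return "patched" if int(match.group(1)) >= FIXED_MAJOR else "vulnerable"


def audit(inventory_csv):
    """Group hosts from a host,chrome_version CSV by patch status."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row.get("chrome_version"))].append(row["host"])
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need manual follow-up, since a missing or unparseable version string says nothing about patch state.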
Exploitation status
Public Exploit Available: false
Analyst recommendation
Heap buffer overflows are classic targets for remote code execution. Given the severity, it is imperative that organizations deploy the latest Chrome update immediately to secure their browser environments.