CVE-2026-9890

Google · Chrome

A use-after-free vulnerability in the Google Chrome XR component allows for potential sandbox escapes.

Executive summary

A high-severity use-after-free vulnerability in Google Chrome's XR component on Windows permits a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox.

Vulnerability

This vulnerability is a use-after-free in the XR (Extended Reality) component of Google Chrome, the code that implements the WebXR API. No authentication is involved: the attacker's only prerequisite is control of a renderer process, typically obtained through a separate renderer bug reached from a crafted web page. With that foothold, the attacker can trigger the XR use-after-free to escape the renderer sandbox. On its own the bug does not give code execution; its value is as the second stage of an exploit chain.

Business impact

The CVSS score of 8.3 reflects the high risk associated with sandbox escapes. If exploited, the attacker's code runs outside the renderer sandbox with the privileges of the browser process, that is, those of the logged-in user. From there it can read the user's files and credentials, establish persistence on the workstation and pivot to other systems on the network, compromising sensitive data and the overall security posture of the affected environment.

Remediation

Immediate Action: Deploy the latest stable channel update for Google Chrome (version 148.0.7778.216 or later) to all Windows systems. Note that Chrome stages the new version in the background but keeps running the old one until the browser is relaunched, so enforce a relaunch (for example with the RelaunchNotification enterprise policy) rather than relying on the update having been downloaded.
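The following PowerShell script is an added example for verifying that step on a Windows host; it is not part of the advisory. It reads the file version of chrome.exe from the usual stable-channel install locations (assumed paths, adjust for your fleet) and compares it numerically against the fixed build, which avoids the classic mistake of comparing version strings lexically ("148.0.7778.9" sorts after "148.0.7778.216" as text). The presence of new_chrome.exe beside chrome.exe indicates an update that has been downloaded but not yet applied by a relaunch, which still leaves the host vulnerable.

```powershell
# Added example (not from the advisory): flag Windows hosts whose running Chrome
# is older than the fixed stable build named in the advisory.
$FixedVersion = [version]'148.0.7778.216'

function Get-ChromeVersion {
    # Typical stable-channel install locations; assumption, adjust for your fleet.
    $candidates = @(
        "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
        "$env:LOCALAPPDATA\Google\Chrome\Application\chrome.exe"
    )
    foreach ($path in $candidates) {
        if (Test-Path $path) {
            # FileVersion is a string such as "148.0.7778.216"; cast to [version]
            # so each dotted component is compared as a number, not as text.
            $fv = (Get-Item $path).VersionInfo.FileVersion
            # new_chrome.exe is the staged update that becomes active on relaunch.
            $staged = Test-Path (Join-Path (Split-Path $path) 'new_chrome.exe')
            return [pscustomobject]@{
                Path          = $path
                Version       = [version]$fv
                UpdateStaged  = $staged
            }
        }
    }
    return $null
}

function Test-ChromePatched {
    param([version]$Installed, [version]$Fixed = $FixedVersion)
    return $Installed -ge $Fixed
}

$chrome = Get-ChromeVersion
if ($null -eq $chrome) {
    Write-Output "Chrome not found in the standard locations"
} elseif (Test-ChromePatched -Installed $chrome.Version) {
    Write-Output "OK: $($chrome.Version) at $($chrome.Path)"
} else {
    $note = if ($chrome.UpdateStaged) { ' (update staged, relaunch required)' } else { '' }
    Write-Output "VULNERABLE: $($chrome.Version) at $($chrome.Path), need >= $FixedVersion$note"
}
```

To run this across a fleet, wrap the body in Invoke-Command against your host list and collect the output centrally; the [version] comparison also works for later fixed builds if you change $FixedVersion.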

Proactive Monitoring: Monitor for unexplained browser-process crashes and repeated renderer crashes, since failed use-after-free exploitation attempts usually crash the process they target. A crash of the main chrome.exe browser process, rather than a single tab, shortly after a visit to an untrusted site is the more specific indicator of an attempted sandbox escape.

Compensating Controls: Implement endpoint protection that can detect and block suspicious child processes spawned by the browser. A successful sandbox escape runs payload code inside the browser process, so a chrome.exe parent launching cmd.exe, powershell.exe, or another non-Chrome binary is the behavior to alert on.
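As an added example of that detection logic (not from the advisory), the following PowerShell reads Sysmon process-creation events (Event ID 1) from the last 24 hours and reports every process whose parent is chrome.exe and whose image is not on a short allowlist. It assumes Sysmon is installed and writing to its default Microsoft-Windows-Sysmon/Operational channel; the allowlist is an assumption to tune for your environment.

```powershell
# Added example (not from the advisory): hunt for non-Chrome processes spawned
# by chrome.exe using Sysmon Event ID 1 (process creation).
$SinceHours = 24
# Chrome spawns its own renderer, GPU and utility processes as chrome.exe;
# anything else under a chrome.exe parent deserves a look. Assumption: tune per fleet.
$AllowedChildren = @('chrome.exe')

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1
    StartTime = (Get-Date).AddHours(-$SinceHours)
}

function Get-SuspiciousChromeChildren {
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Sysmon stores its fields as <Data Name="...">value</Data> elements.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ($data['ParentImage'] -like '*\chrome.exe') {
            $child = Split-Path $data['Image'] -Leaf
            if ($AllowedChildren -notcontains $child) {
                [pscustomobject]@{
                    Time        = $_.TimeCreated
                    Parent      = $data['ParentImage']
                    Child       = $data['Image']
                    CommandLine = $data['CommandLine']
                    User        = $data['User']
                }
            }
        }
    }
}

Get-SuspiciousChromeChildren | Format-Table -AutoSize
```

Expect some benign hits (installers launched from downloads, external protocol handlers); the CommandLine and User columns are there so those can be triaged quickly, and the same parent/child test can be ported into an EDR rule to block rather than merely report.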

Exploitation status

Public Exploit Available: False

Analyst recommendation

Given the potential for a sandbox escape, organizations should mandate the update to Chrome version 148.0.7778.216 or later and confirm that browsers have actually been relaunched onto the new build. Because this bug is only useful to an attacker who also holds a renderer compromise, keeping every web browser fully patched, not just this one component, is a fundamental part of a robust defense-in-depth strategy.