CVE-2026-9120
Google · Chrome
A use-after-free vulnerability in the WebRTC component of Google Chrome may allow for memory corruption or arbitrary code execution.
Executive summary
A high-severity use-after-free vulnerability in the Google Chrome WebRTC component presents a risk of memory corruption and potential code execution.
Vulnerability
The vulnerability is a use-after-free flaw in the WebRTC implementation of Google Chrome. An attacker can exploit this class of memory-safety error to manipulate application state; exploitation typically requires the user to visit a malicious webpage.
Business impact
Use-after-free vulnerabilities are frequently leveraged by attackers to achieve arbitrary code execution on target systems. Given the CVSS score of 8.8, this vulnerability is considered a high-priority risk that could lead to full system compromise if successfully weaponized.
Remediation
Immediate Action: Update all Google Chrome installations to version 148 or later to address the vulnerable WebRTC component.
Proactive Monitoring: Review endpoint security logs for signs of anomalous browser behavior or unexpected process crashes that could indicate an exploitation attempt.
Compensating Controls: Utilize endpoint protection platforms (EPP) to detect and block malicious web-based payloads targeting browser memory.
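The Immediate Action above, as an added example that is not from the advisory or the vendor: a Python check that sorts an inventory export into patched, vulnerable and unknown hosts against the version 148 threshold. The inventory format, hostnames and build numbers are constructed, and only the major version is compared because the advisory names no full build.

```python
import re

# Threshold taken from the advisory: "version 148 or later".
FIXED_MAJOR = 148

# Finds a four-part Chrome version (major.minor.build.patch) anywhere in a string.
VERSION_RE = re.compile(r"\b(\d{1,4})\.(\d+)\.(\d+)\.(\d+)\b")


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    match = VERSION_RE.search(version_text or "")
    if not match:
        # No parseable version: never count the host as patched.
        return "unknown"
    # Compare as an integer; a string compare would rank "96" above "148".
    major = int(match.group(1))
    return "patched" if major >= FIXED_MAJOR else "vulnerable"


def audit(inventory):
    """Group hostnames by status. inventory is an iterable of (host, version_text)."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and build numbers).
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 148.0.1000.20"),
    ("ws-002", "Google Chrome 147.0.1000.10"),
    ("ws-003", "Version 149.0.1000.5 (Official Build) (64-bit)"),
    ("ws-004", ""),                      # agent returned nothing
    ("ws-005", "96.0.1000.1"),           # two-digit major, long out of date
    ("kiosk-01", "chrome: not found"),   # error text instead of a version
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need manual follow-up rather than being assumed safe.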
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the prevalence of use-after-free vulnerabilities in browser exploit chains, immediate patching is essential. Security teams should expedite the deployment of the vendor-supplied update to minimize the attack surface.