Use-after-Free in Blink in Google Chrome

Successful exploitation allows a remote attacker to achieve arbitrary code execution within the Chrome renderer sandbox. Depending on the attacker’s objectives and the presence of additional vulnerabilities, this could be used to crash the browser, execute malicious logic in the sandboxed renderer context, and potentially serve as a stepping stone for further compromise if chained with a sandbox escape or privilege escalation vulnerability.

Apply the official Chrome security update on an urgent basis. Until patching is complete, reduce exposure by limiting access to untrusted websites and untrusted HTML content, enforcing browser isolation or application sandboxing controls where available, and monitoring for abnormal browser crashes or exploitation attempts. Because the flaw is reachable through crafted web content, minimizing user interaction with untrusted pages can reduce risk, but patching is the primary mitigation.

Update Google Chrome to version 149.0.7827.197 or later on affected platforms. The provided content states that Chrome versions prior to 149.0.7827.197 are vulnerable, and Google released Stable channel updates in the 149.0.7827.196/197 line for Windows and Mac and 149.0.7827.196 for Linux as part of the security rollout. Organizations should deploy the vendor-provided patched build through standard browser update and enterprise software management processes as soon as possible.