Use-after-free in WebRTC in Google Chrome

Successful exploitation can allow remote arbitrary code execution after a target visits or interacts with a maliciously crafted HTML page. The provided CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates high impact to confidentiality, integrity, and availability, consistent with compromise of the browser process and potential follow-on attacker actions within that security context.

If immediate patching is not possible, reduce exposure by limiting access to untrusted websites and HTML content, restricting browser use in high-risk workflows, and applying enterprise controls that reduce execution of untrusted web content. Because exploitation requires delivery of a crafted HTML page and user interaction, temporary mitigations include blocking or filtering suspicious links and isolating browser activity until the fixed version is deployed. These are interim measures only; vendor patching is the primary mitigation.

Update Google Chrome to version 148.0.7778.179 or later. The provided content indicates the vulnerability affects versions prior to 148.0.7778.179 and was fixed in the Chrome Stable channel update to 148.0.7778.178/179 for Windows and Mac and 148.0.7778.178 for Linux as part of the relevant security release. Administrators should ensure deployed Chrome installations are updated to the vendor-fixed release or newer and restarted so the patch is applied.