Use-after-free in Google Chrome GPU on Windows

Successful exploitation can result in arbitrary code execution in the context of the Chrome sandbox on the affected Windows system. The available CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates remote exploitation over the network with low attack complexity, no privileges required, user interaction in the form of visiting or rendering a crafted page, and high potential impact to confidentiality, integrity, and availability within the sandboxed browser context.

If immediate patching is not possible, reduce exposure by limiting use of untrusted websites and untrusted HTML content on affected Windows Chrome installations, enforcing rapid browser restart after updates, and applying enterprise controls that restrict browsing to trusted destinations where feasible. Standard browser hardening and endpoint exploit mitigations may reduce risk, but no specific workaround short of updating is provided in the available information.

Upgrade Google Chrome on Windows to version 148.0.7778.179 or later. Organizations using Chromium-based packages should apply the corresponding vendor updates that incorporate the fix for CVE-2026-9112. Because Google indicated that technical details may remain restricted until broad patch adoption, standard remediation should prioritize rapid browser update deployment and restart of affected browser instances.