[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKruTYGv3g9NzsPfcUwwvXnKqmwROCpDpK1iPTfYfFbc":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":19,"created_at":20,"published_at":21,"article":22,"tags":26,"podcasts":39},"65e3a9fe-8d54-4ee7-97ba-63162a69747b","chrome-149-patches-18-severe-flaws-including-critical-rce-risks","8b38fae8-613a-4462-94d1-a14f6ac6b4e1","Chrome 149 Patches 18 Severe Flaws Including Critical RCE Risks","Google's Chrome 149 release addressed 18 vulnerabilities — four critical and fourteen high-severity — many stemming from use-after-free memory flaws that can enable remote code execution. Use-after-free vulnerabilities occur when software continues to reference memory after it has been freed, allowing attackers to execute arbitrary code in the context of the browser. While no active exploitation has been confirmed, unpatched browsers represent a significant attack surface, especially in enterprise environments where users access sensitive systems via the web. Delayed patching of widely-used software like Chrome dramatically increases the window of opportunity for threat actors to weaponize publicly disclosed vulnerabilities.","**Immediate actions:**\n- Update all Chrome installations to version 149 or later immediately across all endpoints.\n- Enable Chrome's automatic update feature to ensure future patches are applied without manual intervention.\n- Audit the organization's browser inventory to identify any outdated or unsupported browser versions in use.\n\n**Long-term improvements:**\n- Establish a formal patch management policy that mandates critical browser patches be deployed within 24–48 hours of release.\n- Maintain a comprehensive software asset inventory to ensure all browser deployments are tracked and managed centrally.\n- Implement application whitelisting or browser management policies via MDM\u002FGPO to enforce approved, up-to-date browser versions.\n\n**Detection measures:**\n- Deploy endpoint detection and response (EDR) tools capable of identifying exploitation attempts targeting browser memory vulnerabilities.\n- Configure vulnerability scanning tools to flag endpoints running outdated browser versions as high-priority findings.\n- Monitor endpoint telemetry for anomalous browser process behavior that may indicate attempted exploitation.",[12,13,14,15,16,17,18],"CIS Control 2: Inventory and Control of Software Assets","CIS Control 7: Continuous Vulnerability Management","NIST SP 800-40 Rev. 4: Guide to Enterprise Patch Management","NIST SI-2: Flaw Remediation","NIST RA-5: Vulnerability Monitoring and Scanning","ITIL Change Management: Emergency Change Procedures","GDPR Article 32: Security of Processing (technical measures to ensure ongoing confidentiality and integrity)","published","2026-06-25T08:20:19.743139+00:00","2026-06-25T08:20:19.431+00:00",{"id":7,"url":23,"slug":24,"title":25},"https:\u002F\u002Fwww.securityweek.com\u002Fchrome-149-update-resolves-18-severe-vulnerabilities\u002F","chrome-149-update-resolves-18-severe-vulnerabilities-4ae331","Chrome 149 Update Resolves 18 Severe Vulnerabilities",[27,33],{"id":28,"name":29,"slug":30,"description":31,"color":32},"05757c8d-6b93-4194-b35d-7359e7d33b0e","Vulnerability Management","vulnerability-management","Missing scans, no risk prioritization","#fb923c",{"id":34,"name":35,"slug":36,"description":37,"color":38},"af7fce9e-1ce8-4156-93bc-09dcfbfdf29d","Patch Management","patch-management","Unpatched vulnerabilities, delayed updates","#ef4444",[]]