Microsoft identified a memory corruption vulnerability in ChromeOS triggered remotely, which could allow attackers to carry out either a denial-of-service (DoS) or remote code execution (RCE).
Researchers mention that the flaw could be remotely triggered by manipulating audio metadata. Attackers would have tempted the users by simply playing a new song in a browser or from a paired Bluetooth device, or leveraged adversary-in-the-middle (AiTM) capabilities to exploit the vulnerability remotely.
https://cybersecuritynews.com/chromeos- ... tion-flaw/