Vulnerability Summary Title: Security: A UAF in WebRTC Type: Vulnerability Priority: P1 Severity: S1 Status: Fixed Reporter: om...@talon-sec.com Assignee: al...@chromium.org Vulnerability Details Trigger: The bug is triggered in in the method, causing the browser process to crash. Race Condition: A race condition exists between the COM thread and another thread that can lead to being called on a freed . Reproduction: The issue can be reproduced by closing a native window while it is being captured with . Reproduction Case Window Capturing Classes: Webrtc uses (primary) and (secondary) to capture video. Fallback Mechanism: If fails, it falls back to . Reproduction Steps: 1. Use the screenshare window picker to capture a window. 2. Close the captured window before check in . 3. Observe the race condition causing the crash. Note: The proof-of-concept (POC) is done using Python on a Windows 11 VM.