Impact
An integer overflow in the Chromecast component of Google Chrome allows an attacker who has already compromised the renderer process to potentially escape the sandbox and execute code with higher privileges. The weakness is classified as CWE-472 and stems from a failure to properly validate arithmetic bounds, which lets an attacker influence memory access patterns. After a successful escape, the attacker can run arbitrary code, modify system files, or gain persistence on the affected system.
Affected Systems
All desktop installations of Google Chrome that are running a version earlier than 149.0.7827.53 are affected. This includes Windows, macOS, Linux, and ChromeOS systems that have not applied the latest stable update. The vulnerability is tied to the Chromecast feature, so any user who has Chromecast functionality enabled in the browser is at risk.
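A fleet triage check against the fixed version stated above, as an added example that is not part of the original advisory. The host names and every version other than 149.0.7827.53 are constructed sample data, and the input is assumed to be text such as the output of the browser's `--version` switch.

```python
import re

# First fixed version, taken from the advisory text above.
FIXED = (149, 0, 7827, 53)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_chrome_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one reported version."""
    v = parse_chrome_version(version_text)
    if v is None:
        return "unknown"  # treat as needing follow-up, never as patched
    # Tuple comparison is numeric per component; comparing the raw
    # strings would wrongly rank 149.0.7827.9 above 149.0.7827.53.
    return "vulnerable" if v < FIXED else "patched"

def triage(inventory):
    """inventory: iterable of (host, version_text) -> {status: sorted hosts}."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, text in inventory:
        result[classify(text)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("win-01", "Google Chrome 149.0.7827.53"),
    ("mac-02", "Google Chrome 149.0.7827.9"),
    ("lin-03", "Google Chrome 148.0.7700.120 "),
    ("cros-04", "150.0.7900.10"),
    ("win-05", ""),  # agent returned nothing
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be followed up rather than assumed safe, since a missing version string says nothing about patch state.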
Risk and Exploitability
The flaw is rated as high severity by Chromium, and the CVSS score is 8.3. The EPSS score is unavailable, indicating limited public data on exploitation likelihood, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to have initial access to the renderer process, which could be achieved through a malicious web page or compromised site. Once the overflow is triggered, sandbox escape is possible, potentially leading to full system compromise. The attack vector is inferred to be remote via crafted HTML content, as the description references a crafted HTML page.