Impact
A use‑after‑free flaw exists in the Dawn rendering engine of Google Chrome versions prior to 149.0.7827.53. The flaw allows an attacker who has already compromised the renderer process to dereference freed memory, enabling a sandbox escape when a specially crafted HTML page is loaded. This weakness, identified as CWE‑416 and CWE‑825, can potentially grant the attacker full control over the host system, elevating the compromise from the renderer to any higher‑privileged process. Chromium rates this issue as medium severity because the attacker must first gain an initial local foothold in the renderer.
Affected Systems
Users running Google Chrome versions earlier than 149.0.7827.53 are affected. The flaw arises from the Dawn rendering engine used in those builds. The vulnerable code is localized to the renderer component; other browser processes remain isolated under normal sandbox constraints.
Risk and Exploitability
The EPSS score of <1% indicates a low probability of widespread exploitation, and the vulnerability is not listed in CISA's KEV catalog. The CVSS score of 7.5 denotes medium‑to‑high severity. Exploitation requires the attacker to first compromise the renderer process (typically via local privilege escalation or malicious web content) before the crafted HTML can trigger the use‑after‑free. Because of this prerequisite, the likelihood of a successful attack remains low, but the potential impact (sandbox escape and system compromise) remains high, making the flaw a significant risk.