Impact
A use‑after‑free flaw in the Core component of Google Chrome on Windows allows a remote attacker to run arbitrary code by delivering a specially crafted HTML page. The vulnerability is classified as Critical by Chromium, indicating that exploitation could compromise confidentiality, integrity, and availability of the affected system.
Affected Systems
Google Chrome for Windows versions prior to 149.0.7827.115 are affected. Updating to 149.0.7827.115 or a later release removes the flaw.
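The version boundary above can be checked across a fleet inventory. The following is an added example, not code from Chromium or from this advisory's publisher; the hostnames and the sample versions in the inventory are constructed, and only the fixed version 149.0.7827.115 comes from the text above. It compares versions numerically, because a plain string comparison would rank 149.0.7827.99 above 149.0.7827.115 and report a vulnerable host as patched.

```python
import re

# First fixed Chrome for Windows release, taken from the advisory text.
FIXED = (149, 0, 7827, 115)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, build, patch) as ints, or None if malformed."""
    if not isinstance(text, str):
        return None
    m = _VERSION_RE.fullmatch(text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def classify(version_text, fixed=FIXED):
    """Classify one reported version as 'affected', 'patched' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        # Missing or unparseable data is not evidence of a patched host.
        return "unknown"
    return "affected" if version < fixed else "patched"


def triage(inventory):
    """Group (host, version) pairs by status so unknowns get followed up."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed inventory: hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("ws-001", "149.0.7827.115"),   # exactly the fixed release
    ("ws-002", "149.0.7827.99"),    # older, but sorts higher as a string
    ("ws-003", "148.0.7778.205"),   # older major version
    ("ws-004", "150.0.7850.10"),    # newer major version
    ("ws-005", ""),                 # agent reported no version
    ("ws-006", "149.0.7827"),       # truncated value
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group need a fresh inventory reading before they can be counted as remediated.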
Risk and Exploitability
The CVSS score of 8.8 indicates high severity, and the classification as Critical by Chromium reinforces the risk. The EPSS score of 0.00286 (about 0.29%) indicates a very low yet non‑zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, yet the nature of the flaw would still enable an attacker with control over a web page to execute code on the victim machine.