Impact
A use‑after‑free flaw exists in Chrome’s Network code for versions before 149.0.7827.115. The flaw allows an attacker positioned on a privileged network to send specially crafted traffic that corrupts heap memory, potentially enabling arbitrary code execution. This vulnerability is associated with both CWE-416 and CWE-825 and is classified as a high‑severity issue by Chromium’s own security team.
Affected Systems
Google Chrome versions older than 149.0.7827.115 on all supported operating systems are vulnerable. No specific environment restrictions are listed, but the attacker must be able to dictate network traffic to the target.
Risk and Exploitability
The flaw’s CVSS score of 8.1 combined with the use‑after‑free nature suggests a serious exploitation risk, and the EPSS score of 0.00195 indicates a very low but non‑zero exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Exploitation likely requires a trusted network segment or an attacker with sufficient privileges to generate malicious traffic toward the victim’s Chrome instance.
OpenCVE Enrichment
Debian DSA