Impact
An inappropriate implementation in the Views module of Google Chrome on Windows allows a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox by loading a specially crafted HTML page. This vulnerability can break the isolation guarantees that the renderer is supposed to provide, enabling the attacker to execute code outside the sandbox with the privileges of the user running Chrome. The high severity rating from Chromium reflects the serious impact on confidentiality, integrity, and availability if exploited.
Affected Systems
Google Chrome installations running on Windows that are older than version 149.0.7827.115 are affected. The defect exists only on those builds; all newer versions receive the fix via the standard Chrome update channel.
Risk and Exploitability
The EPSS score is < 1%, indicating a very low but nonzero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, indicating that there is currently no public exploit evidence. Nevertheless, because the flaw requires an attacker to first compromise the renderer process—often achievable through a malicious web page—those with such foothold can achieve privilege escalation. The CVSS score is 8.3.
OpenCVE Enrichment
Debian DSA