Impact
An integer overflow (CWE-190) and improper handling of size types (CWE-472) were discovered in the Mojo inter‑process communication system used by Google Chrome. The flaw allows a remote attacker who already has control of the renderer process to perform a sandbox escape, potentially executing code with elevated privileges. The vulnerability is classified as high severity by Chromium security.
Affected Systems
The flaw affects Google Chrome on desktop platforms in any version prior to 149.0.7827.201. All earlier releases are vulnerable until updated to the patched build.
Risk and Exploitability
The EPSS score is <1% and the vulnerability is not listed in the CISA KEV catalog, indicating limited publicly documented exploitation. Chromium's own assessment, coupled with a CVSS score of 8.3, classifies it as high severity, suggesting that exploitation could lead to complete compromise of the system hosting the browser. The attack requires the attacker to have already compromised the renderer process, so a prior foothold is necessary. The lack of a publicly documented exploit coupled with the high severity indicates a moderate to high risk for systems that remain on affected versions.
OpenCVE Enrichment
Debian DLA
Debian DSA