Impact
The vulnerability is a use‑after‑free in the GPU component of Google Chrome, classified as CWE‑416. A remote attacker who has already compromised the renderer process can potentially use a crafted HTML page to escape the sandbox, allowing execution of arbitrary code or access to privileged system resources. Chromium rates the issue as critical, highlighting the severity of the potential sandbox escape. The attack requires an initial compromise of the renderer, such as via malicious web content or a cross‑site scripting vector, but once that is achieved it can compromise the host operating system.
Affected Systems
All installations of Google Chrome up to, but not including, version 150.0.7871.47 are affected. Users who have not yet upgraded to this or newer stable channel releases remain vulnerable. The flaw affects the standard Chrome desktop build for all platforms that use the GPU path for rendering.
Risk and Exploitability
Because the CVSS score is not publicly disclosed and EPSS is unavailable, the raw severity is inferred from the critical rating. The vulnerability is high‑risk when the precondition of renderer compromise is met, but the overall risk to an uninformed end‑user is moderate because it requires a sophisticated attacker to deliver malicious content first. The flaw is not listed in the CISA KEV catalog, indicating no public exploitation evidence at the time of this analysis. Nonetheless, given the critical classification, the recommended response is to upgrade immediately. The primary attack vector is a maliciously crafted web page loaded by a user in a compromised renderer process.
OpenCVE Enrichment