Impact
The vulnerability is a type confusion bug in the Dawn rendering engine of Google Chrome that can allow a maliciously crafted HTML page, when processed by a compromised renderer process, to escape the browser sandbox and potentially execute arbitrary code outside the browser's security boundaries. The defect was rated as Critical by Chromium's security team.
Affected Systems
Google Chrome browsers on all platforms, up to and including versions prior to 150.0.7871.47, that use the Dawn engine are affected. No further version granularity or platform details are provided.
Risk and Exploitability
The CVSS score is not listed, but Chromium classified the issue as Critical. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, indicating no known public exploit at the time of this report. The exploitation scenario requires a remote attacker with some degree of control over the renderer process to craft a malicious HTML document to trigger the type confusion and escape the sandbox.
OpenCVE Enrichment