Impact
A use‑after‑free vulnerability exists in the Chromoting component of Google Chrome on ChromeOS. It permits remote execution of arbitrary code when a malicious user delivers crafted network traffic, making the flaw a high‑impact problem that jeopardises confidentiality, integrity, and availability. The weakness is identified as CWE‑416 and is classified as critical by Chromium’s security team.
Affected Systems
Google Chrome on ChromeOS prior to version 150.0.7871.47 is affected. The flaw affects any device that uses the Chromoting feature for remote desktop or similar services, including all ChromeOS devices running those Chrome releases.
Risk and Exploitability
Chromium rates this vulnerability as critical, indicating a severe threat. No EPSS score is available, but the remote execution vector and the critical rating suggest a high likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog, and the absence of an EPSS score does not diminish the risk to organisations that enable Chromoting. An attacker would need network connectivity to the target device and the ability to send malformed traffic to the Chromoting service.
OpenCVE Enrichment