Impact
An input validation flaw in ANGLE, the graphics abstraction layer used by Chrome, allows a compromised renderer process to craft data that bypasses sandbox bounds. The flaw is a classic boundary check error (CWE‑20). If exploited, the attacker could escape the renderer sandbox and execute code with higher privileges, potentially compromising the user’s system.
Affected Systems
Google Chrome versions prior to 150.0.7871.47. The vulnerability is present in all installations that use ANGLE without the recent patch. The affected component is the renderer process that handles web content.
Risk and Exploitability
The Chromium security team rated the issue as critical, but no EPSS score is available and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to already control or influence the renderer process, typically through malicious web content or a compromised extension. The opportunity for a full sandbox escape would grant code execution outside the renderer, enabling further system compromise.
OpenCVE Enrichment