Impact
This vulnerability arises from insufficient validation of untrusted input in Skia, the graphics library used by Google Chrome. An attacker who has already compromised the renderer process can use a crafted HTML page to escape the sandbox and execute code outside it. Because the flaw is critical, an attacker who achieves a renderer compromise can potentially take control of the client system.
Affected Systems
All users of Google Chrome versions prior to 150.0.7871.47 are potentially affected. The flaw is limited to the browser’s rendering component and does not affect native operating‑system components directly.
Risk and Exploitability
Chromium rates the flaw critical, but its EPSS score is not available and it is not listed in the CISA KEV catalog. The attack vector requires the attacker to control the renderer process, which typically implies a successful phishing or drive-by exploit. Once that control is achieved, the sandbox escape can lead to full system compromise. The lack of a public exploit suggests that the attack requires sophisticated infrastructure.
OpenCVE Enrichment