Impact
The vulnerability is a use-after-free flaw in Google Chrome's browser component. An attacker who has already compromised the renderer process can craft an HTML page that triggers the use-after-free, potentially escaping the browser sandbox and executing code on the host system. Chromium's severity assessment rates this flaw as critical.
Affected Systems
It affects Google Chrome versions earlier than 150.0.7871.47 on all supported operating systems where the vulnerable renderer component is present. Users running older stable releases without the fix are at risk.
Risk and Exploitability
The issue has a critical severity rating, but no EPSS score is available, and it is not listed in CISA's KEV catalog. The attack requires the attacker to already control the renderer process, which typically indicates a preceding exploit or compromised content. If those conditions are met, the sandbox escape could lead to arbitrary code execution on the affected system. The exploit is inherently complex and not trivial to carry out, yet the critical rating warrants immediate attention.