Impact
A use‑after‑free flaw exists in Chrome’s Views component that can be triggered by a crafted HTML page. If an attacker convinces a user to perform specific UI gestures while viewing the page, the flaw may corrupt the heap. The resulting memory corruption could enable an attacker to execute arbitrary code or crash the browser, severely impacting confidentiality or availability. This weakness is identified as CWE‑416.
Affected Systems
The vulnerability affects Google Chrome versions prior to 150.0.7871.47. Users who have not updated to at least the 150.0.7871.47 release are at risk.
Risk and Exploitability
Chrome labels the issue as critical. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Because the flaw requires the victim to interact with a malicious page, the exploitability depends on user behavior, but it can be remotely triggered once the user visits the crafted site. The lack of publicly disclosed CVSS data means the precise severity cannot be quantified here, but the critical severity rating suggests the risk is high.
OpenCVE Enrichment