Impact
A use‑after‑free flaw exists in the Views component of Google Chrome. If an attacker can convince a user to perform specific UI gestures while interacting with a specially crafted HTML page, the resulting heap corruption could compromise the browser’s memory safety. The vulnerability is categorized as CWE‑416, enabling potential read or write of corrupted memory, which could lead to arbitrary code execution within the user’s session.
Affected Systems
Google Chrome browsers with versions prior to 150.0.7871.47 are affected. Users running these outdated releases are at risk until they apply the available update.
Risk and Exploitability
The vulnerability carries Chromium’s critical severity rating. No EPSS score is available and it is not listed in CISA’s KEV database, but the lack of publicly known exploits does not diminish the high risk posed by this memory corruption problem. Once the target browser is tricked into the specific UI gestures defined by the attacker, heap corruption can be achieved, potentially allowing remote code execution on the client machine.
OpenCVE Enrichment