Impact
A use-after-free flaw exists in the Ozone layer of Google Chrome. A maliciously crafted HTML page can trigger use of freed memory and execute arbitrary native code. The weakness is classified as CWE-416, and the Chromium security team rates it as critical. Successful exploitation can compromise the confidentiality, integrity, and availability of the system on which the browser runs, potentially enabling full system takeover.
Affected Systems
The vulnerability affects all installations of Google Chrome prior to version 150.0.7871.47 on desktop platforms. Earlier releases contain an unpatched memory-management flaw in the Ozone backend that can be exercised through a specially crafted HTML document.
Risk and Exploitability
No EPSS score is available, so there is no quantified exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Attackers can deliver a crafted HTML page via any web-based or local channel; when Chrome renders the page, the use-after-free is triggered. Once triggered, native code runs with the privileges of the Chrome process, enabling arbitrary code execution without additional user interaction.