Impact
A use-after-free flaw in the Chromoting component of Google Chrome on Windows allows a remote attacker to execute arbitrary code when Chrome receives specially crafted network traffic. The flaw falls under CWE-416 and is assessed as Critical by Chromium. An attacker who can influence the network stream to the affected browser can trigger the flaw, leading to full compromise of the victim's system.
Affected Systems
Google Chrome for Windows versions earlier than 150.0.7871.47 are affected. Systems running these versions without the latest update are vulnerable.
Risk and Exploitability
The vulnerability is remotely exploitable over the network. No EPSS score is available, and the issue is not listed in the CISA KEV catalog. While a CVSS vector is not provided, the Critical severity and use-after-free nature suggest a high likelihood of exploitation if an attacker can reach the browser with malicious traffic. Exploitation requires the Chromoting feature to be active, but needs no additional user interaction and no privileges beyond those of the user who owns the Chrome process.
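The following is an added example, not part of the original advisory: it triages a host inventory against the fixed build from "Affected Systems" and the Chromoting prerequisite from "Risk and Exploitability". The inventory format, column names and host names are assumptions constructed for illustration; only the version 150.0.7871.47 comes from the advisory.

```python
import csv
import io

FIXED = (150, 0, 7871, 47)  # first non-affected Windows build, per the advisory

# Constructed sample inventory; the columns are hypothetical, not a real export format.
SAMPLE_INVENTORY = """host,os,chrome_version,chromoting_active
ws-01,windows,150.0.7871.47,yes
ws-02,windows,150.0.7871.5,yes
ws-03,windows,99.0.4844.84,no
ws-04,linux,149.0.7000.1,yes
ws-05,windows,unknown,yes
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(row):
    """Map one inventory row to a triage status."""
    if row["os"].strip().lower() != "windows":
        return "not_applicable"    # the advisory covers Chrome on Windows only
    version = parse_version(row["chrome_version"])
    if version is None:
        return "unknown"           # cannot be shown patched; follow up manually
    if version >= FIXED:           # numeric tuple compare, never string compare
        return "patched"
    if row["chromoting_active"].strip().lower() == "yes":
        return "affected_exposed"  # vulnerable build with the prerequisite active
    return "affected"

def triage(inventory_csv):
    """Return {host: status} for every row of the CSV text."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row) for row in reader}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows ws-02 and ws-03 are the cases a plain string comparison gets wrong: "150.0.7871.5" and "99.0.4844.84" both sort after "150.0.7871.47" lexically, yet both are older builds.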
OpenCVE Enrichment