Impact
The flaw is a use-after-free bug in Chrome's GPU component that allows an attacker who has already compromised the renderer process to escape the browser sandbox and execute arbitrary code on the host operating system. This vulnerability falls under CWE-416 and carries the potential for total system compromise.
Affected Systems
Google Chrome browsers with versions earlier than 150.0.7871.47 on all supported platforms are affected. Any system running a vulnerable Chrome build remains at risk until the patch is installed.
Risk and Exploitability
Chromium labels the issue as High severity, but no CVSS or EPSS value is available, and the vulnerability is not listed in CISA KEV. Exploitation requires an attacker to deliver a crafted HTML page that can compromise the renderer; this typically demands either prior exploitation of another flaw or a user visiting malicious content. Given the high impact and the lack of mitigation outside of patching, the threat to exposed systems is significant.
OpenCVE Enrichment