Impact
An integer overflow bug in the Chromecast component of Google Chrome before version 150.0.7871.47 can be triggered by a crafted HTML page. The overflow allows a remote attacker who has already compromised a renderer process to escape the renderer sandbox and execute code with higher privileges on the host system. This vulnerability is classified as CWE‑472 and carries a high severity rating.
Affected Systems
Google Chrome, all users running any Chrome version earlier than 150.0.7871.47, on any platform that includes the Chromecast feature.
Risk and Exploitability
The vulnerability requires that an attacker already control a renderer process, which typically means they have previously compromised the browser process or exploited another flaw. Once that prerequisite is satisfied, delivery of a specially formatted web page can trigger the integer overflow and cause the renderer to break out of its sandbox. Exploit evidence is not yet publicly confirmed and the EPSS score is currently unavailable, but the high CVSS severity and lack of a CISA KEV listing suggest that the risk to exposed systems is moderate to high for environments that accept arbitrary web content.
OpenCVE Enrichment