Impact
A heap buffer overflow was discovered in the Chromecast component of Google Chrome, enabling an attacker who has already compromised the renderer process to escape the browser sandbox and execute arbitrary code on the underlying operating system. The flaw, classified as CWE‑122, can potentially lead to full system compromise if the crafted HTML page is successfully loaded and executed in the vulnerable process.
Affected Systems
The vulnerability affects all installations of Google Chrome running versions earlier than 150.0.7871.47. This includes the stable desktop channel and any earlier builds that have not applied the 2026‑06 update.
Risk and Exploitability
The flaw carries a high severity rating in Chromium’s own assessment. No EPSS data is currently available, and the issue is not listed in the CISA KEV catalog. Exploitation requires an attacker to deliver a malicious HTML page that triggers the crash while the renderer process is already compromised, suggesting a multi‑step attack. The absence of documented public exploits and the specialized prerequisites reduce the likelihood of widespread exploitation, but the potential impact remains substantial for exposed systems.
OpenCVE Enrichment