Impact
An integer overflow (CWE‑472) in the Chromecast component of Google Chrome can be triggered by a crafted HTML page that an attacker supplies after having already compromised the renderer process. The overflow occurs when bounds checking on cast command data is insufficient, allowing memory corruption that can break the browser’s sandbox and potentially lead to remote code execution. The flaw is marked as High severity by the Chromium team, indicating that exploitation could result in significant loss of confidentiality, integrity, and availability of the victim’s system.
Affected Systems
Google Chrome versions older than 150.0.7871.47 on all supported operating systems are affected. Users still running stable channel releases before that version must verify whether the Chromecast component has been patched, as the vulnerability resides specifically in that component.
Risk and Exploitability
The EPSS score is not available and the flaw is not listed in the CISA KEV catalog. Exploitation requires a prior compromise of the renderer process; after that, a malicious HTML page can trigger the integer overflow. Because the attack is limited to browsers that retain the unpatched Chromecast code, the risk is elevated for systems remaining on older releases. The high severity rating and potential sandbox escape underscore a significant impact if the flaw were actively exploited.
OpenCVE Enrichment