Impact
The vulnerability is a use‑after‑free in the Chromecast component of Google Chrome. It allows an attacker who has already compromised the renderer process to escape the sandbox by exploiting a crafted HTML page that triggers the freed memory access. This flaw is classified as CWE‑416 and can result in arbitrary code execution or privilege escalation on the host system.
Affected Systems
Google Chrome users running versions prior to 150.0.7871.47 are affected. The flaw exists specifically in the Chromecast implementation of Chrome on all platforms where Chrome is installed.
Risk and Exploitability
The security severity is listed as High, and the EPSS score is unavailable, so the exploitation likelihood cannot be quantified precisely. However, because the flaw requires the renderer process to be compromised and a malicious HTML page to be delivered, the attack vector is remote and requires user interaction or a compromised site. The absence of a KEV listing suggests no known widespread exploitation, but the high severity indicates that patches should be applied promptly, especially in environments that use Chromecast or host web content from untrusted sources.
OpenCVE Enrichment