Impact
A use-after-free flaw in Chrome’s Blink rendering engine lets a remote attacker use a crafted HTML page to trigger the vulnerability and run arbitrary code inside the browser’s sandbox. The flaw is classified as CWE-416 and is rated High by the Chromium security team, meaning an attacker can execute code without additional privilege escalation.
Affected Systems
Google Chrome browsers on desktop platforms, specifically all builds prior to version 150.0.7871.47, are affected. Users running these earlier releases are vulnerable if they view a malicious web page.
Risk and Exploitability
The vulnerability is listed as High severity but lacks an EPSS score and is not included in the CISA KEV catalog. Attackers can exploit it remotely by delivering a crafted web page, potentially allowing drive-by execution. No additional conditions such as user interaction or privileged access are required, making the risk significant for any device that can open web content.
OpenCVE Enrichment