Impact
A flaw in Glic within Google Chrome allows an attacker to supply crafted HTML that is insufficiently validated, which can lead to a sandbox escape. This weakness could enable the attacker to break out of the browser sandbox and run arbitrary code on the host system, compromising confidentiality, integrity and availability of the affected machine. The Chromium team has categorized the vulnerability as high severity.
Affected Systems
Google Chrome users on versions older than 150.0.7871.47 are affected. This includes every stable channel release in the 150.x series that has not been updated to 150.0.7871.47 or a newer revision.
Risk and Exploitability
The CVSS score is not provided, but the Chromium security severity is listed as high. EPSS data is unavailable and the vulnerability is not in the CISA KEV catalog. The likely attack vector involves a remote attacker delivering a malicious HTML page to a victim, which is then rendered by the browser. If exploited, the sandbox escape could result in the execution of arbitrary code with user‑level privileges or greater. Given the lack of public exploitation evidence, the exact likelihood is uncertain, but the high severity designation warrants prompt action.