Impact
This vulnerability is a use-after-free flaw in the Glic component of Google Chrome that can allow an attacker who has compromised the renderer process to potentially escape the browser sandbox. The flaw enables the execution of arbitrary code with the privileges of the renderer process, which can lead to full system compromise if the sandbox is successfully bypassed. The weakness is classified as CWE-416 and is rated as high severity by Chromium.
Affected Systems
Google Chrome versions older than 150.0.7871.47 are affected. The issue exists in the stable channel releases prior to that revision. Only users running those versions and visiting crafted web pages are exposed until the issue is patched.
Risk and Exploitability
The EPSS score for this vulnerability is not available, and it is not listed in the CISA KEV catalog. Chromium assigns it a high severity rating. The attack likely originates from a malicious or compromised HTML page rendered in a renderer process that has already been compromised by other means. An attacker would need to supply a specially crafted page to the vulnerable renderer, which is a remote exploitation path. Once the renderer escapes the sandbox, the attacker can gain system-level privileges. Because the exploit depends on renderer compromise, the vector is local to the client but can be triggered remotely via injected content.