Impact
The vulnerability is a use of an uninitialized variable in the Dawn rendering engine of Google Chrome. A remote attacker can craft an HTML page that triggers this flaw, potentially causing heap corruption in the browser process. Heap corruption could lead to arbitrary code execution or other severe impacts if an exploit is fully developed. The weakness is classified as CWE-457.
Affected Systems
All releases of Google Chrome prior to version 150.0.7871.47 are affected. The issue exists on any platform where Chrome uses the Dawn rendering engine. Clients running earlier Chrome versions are at risk.
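A fleet check for the version boundary above, as an added example that is not part of the original advisory: it classifies reported Chrome version strings against 150.0.7871.47, comparing each component numerically. The host names and version strings in `SAMPLE` are constructed, and the function names are hypothetical.

```python
import re

# First unaffected release, taken from the advisory text above.
FIXED = (150, 0, 7871, 47)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'affected', 'patched' or 'unknown' for one reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparseable: needs manual follow-up, not a pass
    # Tuple comparison is numeric per component, so 150.0.7871.5 < 150.0.7871.47
    # and 99.x < 150.x, both of which a plain string comparison gets wrong.
    return "affected" if v < FIXED else "patched"


def triage(inventory):
    """Group hosts from (host, version_text) pairs by status."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "Google Chrome 149.0.7800.12"),
    ("ws-02", "150.0.7871.47"),
    ("ws-03", "Google Chrome 150.0.7871.5 (Official Build)"),
    ("ws-04", "99.0.4844.84"),
    ("ws-05", "Chromium 151.0.7900.3 snap"),
    ("ws-06", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` have no parseable version string and should be checked by hand rather than treated as patched.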
Risk and Exploitability
Chromium rates the severity of this flaw as high. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog, so there is no indication of widespread exploitation yet. However, triggering the flaw requires only a crafted HTML page, which can be delivered over the web, making it potentially exploitable by remote attackers. Even without a public exploit, the high impact of heap corruption means the risk remains significant until clients are updated to a fixed release.
OpenCVE Enrichment