Impact
The vulnerability is a use‑after‑free condition in Chrome’s updater on macOS that can be triggered by a malicious file supplied by a local attacker. The CVE description states that this allows a local attacker to perform privilege escalation via a malicious file, and the weakness is identified as CWE‑416. The information does not explicitly confirm arbitrary code execution.
Affected Systems
It affects Google Chrome running on macOS versions prior to 150.0.7871.47. All installations that have not yet received the 150.0.7871.47 update may be susceptible.
Risk and Exploitability
The flaw is high severity. The EPSS score is not available and it is not listed in the CISA KEV catalog. Attackers require local access to create a malicious file in the updater directory; if successful, they can trigger the use‑after‑free and potentially elevate their privileges. Because the condition is local, the impact is limited to users with access to the affected machine.
OpenCVE Enrichment