Impact
A use‑after‑free flaw exists in the Chromoting component of Google Chrome when running on Linux systems prior to version 150.0.7871.47. The vulnerability allows a remote attacker to send crafted network traffic that triggers the freed memory usage, leading to arbitrary code execution on the user’s device. The weakness is identified as CWE‑416, indicating improper handling of memory after it has been released.
Affected Systems
Google Chrome versions earlier than 150.0.7871.47 running on Linux distributions are impacted. The issue specifically targets the Chromoting protocol support in those builds.
Risk and Exploitability
The flaw is marked with high severity by Chromium and can be exploited remotely through malicious network input. Although an EPSS score is currently not available and the vulnerability is not listed in CISA’s KEV catalog, the combination of a remote code execution payload and the lack of mitigation recommendations points to a high overall risk. A remote attacker must be able to establish a connection that communicates with Chrome’s Chromoting service, and if successful, can achieve full code execution on the host.
OpenCVE Enrichment