Impact
The vulnerability allows an attacker who has already compromised the renderer process to exploit an out‑of‑bounds read and write on the GPU, which can result in arbitrary code execution inside the browser sandbox. This issue is classified as a memory resource use error (CWE‑416) and carries a high severity rating by Chromium.
Affected Systems
Google Chrome installations prior to version 150.0.7871.47 on desktop platforms are affected. Versions 150.0.7871.47 and later incorporate the necessary fix.
Risk and Exploitability
The exploit requires prior compromise of the renderer process, after which a crafted HTML page can trigger the OOB memory access, leading to code execution within the sandbox. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, indicating no publicly known exploits at the time of this analysis. The high severity score and the need for renderer compromise highlight a significant attack risk for impacted systems.
OpenCVE Enrichment