Impact
The vulnerability is a use‑after‑free flaw in Chrome’s Headless mode that allows an attacker, after compromising the renderer process, to invoke code outside the renderer’s sandbox. The flaw can lead to execution of arbitrary code with elevated privileges, jeopardizing the confidentiality, integrity, and availability of the system. It is classified as a high‑severity issue.
Affected Systems
Chrome versions before 150.0.7871.47 are affected. The issue exists in the Headless variant of Google Chrome run on desktop platforms.
Risk and Exploitability
The flaw can only be reached from the renderer process; an attacker must first gain control of that process, typically through a crafted HTML page or similar mechanism. The attack vector is inferred to be remote but requires renderer compromise, which may be achievable from a web page or potentially from a malicious local application that injects into Chrome. No exploitation probability score is available, and the vulnerability is not listed in the CISA KEV catalog. The CVSS severity is high, implying significant risk if the conditions for exploitation are met.