Impact
Chrome’s ANGLE component performed insufficient input validation on untrusted data, enabling a compromised renderer process to break out of its sandbox and potentially execute arbitrary code on the host. The vulnerability allows an attacker who can supply a specially crafted HTML page to a renderer to use that misvalidation to escape the rendering environment.
Affected Systems
All users running Google Chrome desktop versions earlier than 150.0.7871.47 are affected. The flaw resides in the renderer process; the vulnerability is specific to the ANGLE graphics layer used by these releases.
Risk and Exploitability
The CVE is rated high severity by Chromium security, but no EPSS information is currently available. The flaw requires a remote attacker to provide malicious input to the renderer, typically by hosting a crafted web page. Because the attacker must first compromise the renderer process, the attack surface is limited compared to broader remote code execution vectors. The vulnerability is not listed in CISA’s KEV catalog, indicating no confirmed widespread exploitation at this time.
OpenCVE Enrichment