Impact
A recent issue in Google Chrome's XML handling lets an attacker trigger heap corruption within the browser process by serving a crafted HTML page. This vulnerability is classified as a high-impact flaw, posing a risk of arbitrary code execution or stability degradation if successfully exploited. The weakness corresponds to a heap-based buffer overflow (CWE-122).
Affected Systems
All users of the Chrome desktop stable channel running a version older than 150.0.7871.47 are vulnerable. The flaw originates in the browser's XML parsing module and can be reached from any site that can serve the crafted HTML to the client.
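As an added example (not part of the original advisory), the following sketch triages a fleet inventory against the fixed version stated above. It assumes version strings in the form printed by `google-chrome --version`; the host names and sample versions are constructed for illustration.

```python
import re

# Fixed version taken from the advisory text above.
FIXED = (150, 0, 7871, 47)

# Matches a four-part Chrome version in strings such as
# "Google Chrome 149.0.7800.12" or a bare "150.0.7871.47".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(text):
    """True if older than FIXED, False if not, None if unparseable."""
    v = parse_version(text)
    # Tuples compare component by component as integers, which avoids
    # the string-comparison trap where "9" sorts after "47".
    return None if v is None else v < FIXED


def triage(inventory):
    """Split {host: version string} into vulnerable / patched / unknown."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        state = is_vulnerable(raw)
        key = "unknown" if state is None else ("vulnerable" if state else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "ws-01": "Google Chrome 149.0.7800.12",
    "ws-02": "Google Chrome 150.0.7871.47",   # exactly the fixed build
    "ws-03": "Google Chrome 150.0.7871.9",    # 9 < 47 numerically
    "ws-04": "Google Chrome 150.0.7871.100",  # 100 > 47 numerically
    "ws-05": "Google Chrome 99.0.4844.51 ",
    "ws-06": "not installed",                 # no version: needs follow-up
}

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` should be checked by hand rather than assumed patched.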
Risk and Exploitability
Because the attack requires delivery of a specifically crafted HTML page, the typical vector is a malicious website or a phishing page that a user visits. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, but its high severity and heap corruption potential mean the risk is still significant. No public exploit has been reported in the supplied data, but the possibility of exploitation exists until a patch is applied.